Special:Badtitle/NS100:Firestarter: Difference between revisions
{{From|https://help.ubuntu.com/community/Firestarter}}
{{Languages|UbuntuHelp:Firestarter}}
<<Include(Tag/ContentCleanup)>>
== Introduction ==
Firestarter is an application for configuring your Ubuntu (GNU/Linux) firewall. For an overview of firewalls, please see [[UbuntuHelp:Firewall|Firewall]].
=== Key Features ===
* Suitable for use on desktops, servers and gateways
* Enables Internet connection sharing
* Allows you to define both inbound and outbound access policy
* Wizard for easily configuring your firewall
* Sets up DHCP for a local network
* Real time firewall events view
* View active network connections, including any traffic routed through the firewall
=== Screenshots ===
https://help.ubuntu.com/community/Firestarter?action=AttachFile&do=get&target=scrn-firestarter.jpg
<<BR>>
https://help.ubuntu.com/community/Firestarter?action=AttachFile&do=get&target=scrn-firestarter-prefs.jpg
== Installation ==
* Via [[UbuntuHelp:Synaptic|Synaptic Package Manager]]
* Via [[UbuntuHelp:AptGet/Howto|apt-get]]
<pre><nowiki>
sudo apt-get install firestarter
</nowiki></pre>
== Hints and Tips ==
=== Initial settings ===
Go to Edit -> Preferences.
==== Interface tab ====
*Check "Enable tray icon" and "Minimize to tray on window close".
*'''Your firewall will be active when you boot, regardless of whether you choose to activate the tray icon or not'''.
'''Policy tab (under Interface)'''
*Check "Apply policy changes immediately".
==== Firewall tab ====
'''Network Settings'''
*Select your interface.
'''ICMP Filterings'''
*Select "Enable ICMP filtering".
*Check (enable) "Echo request (ping)" and "Echo reply (pong)" for network connection testing/troubleshooting.
=== Main window ===
To disable your firewall, choose Firewall -> Stop firewall.

To re-enable it, choose Firewall -> Start firewall.

You have three tabs:
==== Status window ====
Shows general information.
==== Events ====
This window will show blocked events.
*To allow a blocked connection, select the blocked connection, right click and select from the pull down menu.
==== Policy ====
This is where you can set and review connection policies. This view is split: the upper view is for ''Hosts'' and the lower window is for ''Services'' (also known as ports).

To '''make a new policy''', right click in either window and choose "Add rule" from the pull down menu.
*To enable your LAN, use something like 192.168.1.1/24

To '''edit an existing policy''', select the appropriate policy in the window, right click, and select "Remove Rule" to delete the policy or "Edit rule" to modify the policy.
== Troubleshooting ==
=== NetworkManager ===
Apparently there is a conflict between Firestarter and [[UbuntuHelp:NetworkManager|NetworkManager]].

The "fix" is to edit ''/etc/firestarter/firestarter.sh'':
<pre><nowiki>
gksu gedit /etc/firestarter/firestarter.sh
</nowiki></pre>
Comment out:
<pre><nowiki>
if [ "$MASK" = "" -a "$1" != "stop" ]; then
echo "External network device $IF is not ready. Aborting.."
exit 2
fi
</nowiki></pre>
Like this:
<pre><nowiki>
#if [ "$MASK" = "" -a "$1" != "stop" ]; then
#echo "External network device $IF is not ready. Aborting.."
#exit 2
#fi
</nowiki></pre>
Save your changes and reboot.
=== Stalled connections ===
When you use an Internet connection where traffic is limited by dropping packets (for example, an ADSL ISP), Firestarter may cause TCP connections to stall. For example, when you try to scp some megabytes, the process hangs and scp writes "stalled".

This problem is due to bug [https://bugs.launchpad.net/ubuntu/+source/firestarter/+bug/258863 #258863] in Firestarter. Firestarter contains a script (/etc/firestarter/sysctl-tuning) that disables some kernel TCP mechanisms that keep connections efficient on networks with packet loss: SACK, window scaling and TCP timestamps.

If you have such problems, consider using [[UbuntuHelp:UFW|UFW]] or comment out the following lines in the script mentioned above (I have not tested this):
<pre><nowiki>
# Turn off TCP Timestamping in kernel
if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
fi
# Set TCP Re-Ordering value in kernel to '5'
if [ -e /proc/sys/net/ipv4/tcp_reordering ]; then
echo 5 > /proc/sys/net/ipv4/tcp_reordering
fi
# Turn off TCP ACK in kernel
if [ -e /proc/sys/net/ipv4/tcp_sack ]; then
echo 0 > /proc/sys/net/ipv4/tcp_sack
fi
#Turn off TCP Window Scaling in kernel
if [ -e /proc/sys/net/ipv4/tcp_window_scaling ]; then
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
fi
</nowiki></pre>
Like this:
<pre><nowiki>
# Turn off TCP Timestamping in kernel
#if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_timestamps
#fi
# Set TCP Re-Ordering value in kernel to '5'
#if [ -e /proc/sys/net/ipv4/tcp_reordering ]; then
# echo 5 > /proc/sys/net/ipv4/tcp_reordering
#fi
# Turn off TCP ACK in kernel
#if [ -e /proc/sys/net/ipv4/tcp_sack ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_sack
#fi
#Turn off TCP Window Scaling in kernel
#if [ -e /proc/sys/net/ipv4/tcp_window_scaling ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
#fi
</nowiki></pre>
Save your changes and restart the firewall:
<pre><nowiki>
sudo /etc/init.d/firestarter restart
</nowiki></pre>
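The following check is an added example, not part of Firestarter or of the original page. It compares the four kernel settings written by the lines above with the kernel defaults (1, 3, 1 and 1) and counts the uncommented writes left in a copy of the tuning script. The function names and the <code>--live</code> switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Firestarter code. Kernel defaults for the four settings
# that the sysctl-tuning lines quoted on this page write to.
DEFAULTS="tcp_timestamps=1 tcp_reordering=3 tcp_sack=1 tcp_window_scaling=1"

# tcp_tuning_report [DIR]  (hypothetical helper name)
# Prints "<name> <current> <default> <ok|changed|missing>" for each setting.
# DIR defaults to the live kernel tree; pass a sample directory to test offline.
# Returns 1 if any setting differs from its default.
tcp_tuning_report() {
    dir=${1:-/proc/sys/net/ipv4}
    rc=0
    for pair in $DEFAULTS; do
        name=${pair%%=*}
        want=${pair#*=}
        if [ ! -r "$dir/$name" ]; then
            echo "$name - $want missing"
            continue
        fi
        cur=$(cat "$dir/$name")
        if [ "$cur" = "$want" ]; then
            echo "$name $cur $want ok"
        else
            echo "$name $cur $want changed"
            rc=1
        fi
    done
    return "$rc"
}

# active_tuning_writes FILE  (hypothetical helper name)
# Prints how many uncommented "echo N > /proc/sys/net/ipv4/tcp_..." lines for
# these four settings remain in FILE, e.g. a copy of the tuning script.
active_tuning_writes() {
    grep -Ec '^[[:space:]]*echo[[:space:]]+[0-9]+[[:space:]]*>[[:space:]]*/proc/sys/net/ipv4/tcp_(timestamps|reordering|sack|window_scaling)[[:space:]]*$' "$1" || true
}

# Only touch the real system when asked to: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    tcp_tuning_report
    echo "active writes: $(active_tuning_writes /etc/firestarter/sysctl-tuning)"
fi
```

Values that were already written stay in effect until they are set back or the machine is rebooted, so a <code>changed</code> line can persist after the script has been edited.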
== Further Reading ==
* [http://www.fs-security.com/ Firestarter] - home page
* [http://www.ubuntugeek.com/firestarter-firewall-for-your-ubuntu-desktop.html]
* [[UbuntuHelp:Firewall|Firewall]]
* [[UbuntuHelp:Iptables|Iptables]]
* [[UbuntuHelp:UFW| Uncomplicated Firewall (UFW)]]
----
[[category:CategoryNetworking]] [[category:CategorySecurity]]
[[category:UbuntuHelp]]
Latest revision as of 22:22, 19 May 2010 (Wed)