Set up your personal firewall

drakfirewall

This tool[44] is found under the Security tab in the Mageia Control Center labelled "Set up your personal firewall". It is the same tool in the first tab of "Configure system security, permissions and audit".

A basic firewall is installed by default with Mageia. All the incoming connections from the outside are blocked if they aren't authorised. In the first screen above, you can select the services for which outside connection attempts are accepted. For your security, uncheck the first box - Everything (no firewall) - unless you want to disable the firewall, and only check the needed services.

It is possible to manually enter the port numbers to open. Click on Advanced and a new window is opened. In the field Other ports, enter the needed ports following these examples :

80/tcp : open the port 80 tcp protocol

24000:24010/udp : open all the ports from 24000 to 24010 udp protocol

The listed ports should be separated by a space.

If the box Log firewall messages in system logs is checked, the firewall messages will be saved in system logs

Note

If you don't host specific services (web or mail server, file sharing, ...) it is completely possible to have nothing checked at all, it is even recommended, it won't prevent you from connecting to the internet.

The next screen deals with the Interactive Firewall options. These feature allow you to be warned of connection attempts if at least the first box Use Interactive Firewall is checked. Check the second box to be warned if the ports are scanned (in order to find a failure somewhere and enter your machine). Each box from the third one onwards corresponds to a port you opened in the two first screens; in the screenshot below, there are two such boxes: SSH server and 80:150/tcp. Check them to be warned each time a connection is attempted on those ports.

These warning are given by alert popups through the network applet.

In the last screen, choose which network interfaces are connected to the Internet and must be protected. Once the OK button is clicked, the necessary packages are downloaded.

Tip

If you don't know what to choose, have a look in MCC tab Network & Internet, icon Set up a new network interface.



[44] You can start this tool from the command line, by typing drakfirewall as root.


CC BY-SA 3.0
Uploaded on 22/10/2016