14.3. Securing your Internet Access via DrakFirewall

This little tool allows you to configure the basic firewall installed by default on your machine. It filters connection attempts made from the outside, and blocks unauthorized ones. You will have to configure it if you wish to allow incoming connections to your computer, if you host specific services on it such as file sharing, Web Server, etc.

This Wizard consists of the steps detailed below.

14.3.1. Choosing Services to be Available from Outside

Figure 14.6. The DrakFirewall Window

The DrakFirewall Window

Open Up Ports, If Needed.  If checked, uncheck the Everything (no firewall) box, and then check the boxes corresponding to the services you wish to make available to the outside world. If you wish to authorize a service which isn't listed here, click on Advanced to manually enter the port numbers to open and to control the logging of firewall messages.

[Tip] Opening Unusual Services

Clicking on Advanced opens a field named Other ports where you can enter any port to be opened to the outside world. Examples of port specifications are presented just above the input field: use them as a guide. It's possible to specify port ranges by using the : syntax such as 24300:24350/udp.

This Won't Block You from Accessing the Net.  Not checking a service in this list won't stop you from connecting to the Internet. It will only prevent people from the Internet connecting to that service on your machine. If you don't plan on hosting any services on your machine (common case for a desktop machine) just leave all boxes unchecked.

How to Disable the Firewall.  On the other hand if you wish to disable the firewall and leave all services accessible from the outside, check Everything (no firewall), but please bear in mind that this is very insecure, and therefore not recommended.

14.3.2. Activating Interactive Firewall Feature

Figure 14.7. Interactive Firewall Options

Interactive Firewall Options

Stay Informed of Connections on your Machine.  The interactive firewall can warn you of connection attempts on your machine by displaying alert popups through the network applet. Check the Use Interactive Firewall option to activate this feature. (Refer to Section 10.8, “Firewall Black/White Lists, etc.” for more details.)

Port scan detection

Activate this option to be warned of possible malicious attempts to access your machine.

Other entries corresponding to open ports

Next you are shown a checkbox for each port you have chosen to open during the previous step. Activating them will pop up a warning each time a connection attempt is made on those ports.

14.3.3. Which Interface(s) to Protect

The next step consists of selecting the network interface connected to the Internet.

Figure 14.8. The Internet Interface

The Internet Interface

If you don't know which interfaces you have connected for the Internet, you can check the system network configuration (see Section 10.1.2, “Network Center: Reconfiguring and Monitoring Network Interfaces”). You can finally click OK to install the required packages, activate the firewall and enjoy your secure Internet connection.

[Tip] Managing Threats

Consult Section 10.8, “Firewall Black/White Lists, etc.” to learn how to manage threats and how to manage access black and white lists.