Docs/SysAdmin/Networking/InteractiveFirewall
From Mandriva Community Wiki
Interactive Firewall is a framework designed to alert users to intrusions or any other event happening on their network.
Concept
The Mandriva Interactive Firewall monitors IP traffic and checks for traffic that it considers a potential security risk. When such traffic is detected, a brightly visible window with a warning message is popped up on the user's desktop and the message is stored in the log file of the Interactive Firewall.
User interface
The warning popup window
< text to be written>
The management window
The management window has three tabs:
- the Log tab displays and manages the list of warning messages issued by the interactive firewall; it has buttons for adding hosts to the blacklist and the whitelist of the interactive firewall;
- the Whitelist tab displays the list of hosts that the firewall considers safe; it will not issue warning messages for traffic from these hosts;
- the Blacklist tab displays the list of hosts that figure in the blacklist of the interactive firewall; hosts in this list will be automatically purged from the list after one hour.
Preventing popup messages from the Interactive Firewall
In Mandriva 2008.1, the firewall sometimes treats perfectly legitimate traffic as a security risk and issues warning messages, which can be annoying and disruptive to the user. This section describes two ways to suppress unwanted popup messages from the interactive firewall.
Disable the Interactive Firewall
- This approach is quite radical: it simply switches the interactive firewall off. Whether the interactive firewall is active or not is controlled in the setup process of the personal firewall. Take the following actions:
- Mandriva Control Center -> Security -> Setup your personal firewall.
- In the first window of the personal firewall, select the protocols you want the personal firewall to let pass, conclude by hitting OK.
- The second window looks like a confirmation of the first window, but its first checkbox lets you disable the interactive firewall: uncheck it to turn the interactive firewall off.
- Continue and complete the following steps of the setup process of the personal firewall.
Make traffic from specific hosts accepted without warnings ("whitelist")
There are several ways to add hosts to this whitelist or to remove them.
Using /usr/sbin/drakids
- Do the following sequence of steps:
- Become root and run /usr/sbin/drakids
- The management window of the firewall will be displayed; it opens on the log of the popup messages that have been issued by the interactive firewall.
- In this list, select (highlight) any message that concerns the host that you want to add to the whitelist.
- Click the "Whitelist" button in the bottom bar.
- If necessary, repeat for additional hosts to be whitelisted.
Using the "Process Attack" popup-window button
- Some of the warning messages that pop up on the desktop have a Process Attack button. If you hit that button, you are offered a choice of things to do, among others adding the offending host to the whitelist. After this kind of warning message, the taskbar will also show a flashing warning triangle. Hitting this triangle also brings you into the management window of the interactive firewall.
Manually editing the Whitelist
- The whitelist is a plain text file. It can be edited with any text editor, as long as you have root privileges. The contents of this file are one-line entries, one for each whitelisted host: its IP address or its name.
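A way to make manual whitelist edits less error-prone, added here as an example and not part of the original wiki page or the Mandriva tools: it validates an entry before appending it to the whitelist file and flags malformed lines already present. The function names are hypothetical; accepting only IPv4 addresses or host names and ignoring blank lines are assumptions about the file format, and the path is the one listed under "Configuration, files".

```shell
#!/bin/sh
# Added example: validate and audit Interactive Firewall whitelist entries.
# Path is the one the page gives; override IFW_WHITELIST to work on a copy.
IFW_WHITELIST="${IFW_WHITELIST:-/etc/ifw/whitelist}"

# Return 0 if $1 is a dotted-quad IPv4 address or looks like a host name
# (letters, digits, dots, hyphens only). Assumption: no IPv6, no CIDR.
ifw_valid_entry() {
    entry=$1
    case $entry in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    case $entry in
        *[!0-9.]*) return 0 ;;      # has a letter or hyphen: host name
    esac
    # Digits and dots only: require exactly four octets, each 0-255.
    old_ifs=$IFS; IFS=.
    set -- $entry
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append $1 to the whitelist. Returns 0 if added, 1 if malformed,
# 2 if the exact entry is already listed.
ifw_whitelist_add() {
    ifw_valid_entry "$1" || { echo "rejected: $1" >&2; return 1; }
    if [ -f "$IFW_WHITELIST" ] && grep -qxF -- "$1" "$IFW_WHITELIST"; then
        return 2
    fi
    printf '%s\n' "$1" >> "$IFW_WHITELIST"
}

# Print "LINE: TEXT" for each non-blank line that is not a valid entry.
# Returns 0 if the file is clean, 1 if any line was flagged.
ifw_whitelist_audit() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        ifw_valid_entry "$line" || { printf '%s: %s\n' "$n" "$line"; bad=1; }
    done < "$IFW_WHITELIST"
    return "$bad"
}
```

Source the file as root and call `ifw_whitelist_audit` before and after a manual edit; since traffic from whitelisted hosts raises no warnings, any line you do not recognise deserves a look.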
Configuration, files
- The netfilter matches are stored in /etc/ifw/rules
- The whitelist is stored in /etc/ifw/whitelist
- The blacklist is stored in /etc/ifw/blacklist
Documentation: Interactive Firewall 2006 project description
- This article provides some information on the design of the Interactive Firewall

