
Firewall and daemons

sasaqqdan's avatar
Firewall and daemons
You should always have an active firewall. It allows you to control what ports your PC uses to communicate with the Internet. Ideally, all ports are closed.
Start "Menu | Setup | Linux-Firewall Wizard".

Go to the "default" entry using the Arrow Down key (this option closes all ports) and press Return.

Now you can check the firewall rules. Confirm the default ("Yes") with the Return key.


The line that reads "Performing sanity checks ..." should display "PASSED" now. Press the key you love best ...
... to get to the next dialogue. It allows you to activate the firewall rules.

Confirm the default ("Yes") with the Return key.

The firewall is now active. Hit Return to finish setup.
The "default" option you selected closes all ports. You can specify which ports should be left open using the Firewall Wizard's "custom" option. You should only open the ports you really need. If you use a certain port only occasionally, you should open it only when you need it. An open port is usually not a security risk per se. It only becomes vulnerable if your PC is running a service (a so-called "daemon") which uses that port to listen for incoming requests. This is why you should not run any daemons you do not need on your PC.
This is how to check which ports are open and which services are running:
Install the program nmap. Nmap is available as a PETget.
Open a shell and enter:
nmap localhost

This lists open ports. A home user without a home network of her own should have no open ports. The X11 service is open because it is the one responsible for the graphical desktop.
The following command gives you a list of which services are listening on which ports:
netstat -anp --ip

This list, too, should be empty except for the X11 port if you are a home user who does not run a web server or a home network; i.e., no services (daemons) should be running.
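The check described above can be scripted. The following is an added example, not part of the original page: it filters `netstat -anp --ip` output down to listening sockets whose port is not on an allow list (X11's port 6000 by default). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp --ip` output (not captured from a real machine).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      1234/X
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      2100/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2200/master
tcp        0      0 192.168.1.5:45012       203.0.113.10:80         ESTABLISHED 3001/seamonkey-bin
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1999/dhcpcd
EOF
}

# Print "proto local-address owner" for every listening TCP socket and every
# unconnected UDP socket whose port is not in the space-separated allow list ($1).
unexpected_listeners() {
    awk -v allow="${1:-6000}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)$/ { next }                 # skip the two header lines
        $1 == "tcp" && $6 != "LISTEN" { next }       # outgoing/established TCP
        $1 == "udp" && $6 == "ESTABLISHED" { next }  # connected (client) UDP
        {
            k = split($4, part, ":"); port = part[k]
            if (port in ok) next                     # expected service, e.g. X11
            owner = ($1 == "tcp") ? $7 : $6          # UDP rows have no State column
            if (owner == "") owner = "-"
            print $1, $4, owner
        }'
}

# Stand-alone run against the constructed sample.
# Live use:  netstat -anp --ip | unexpected_listeners "6000"
sample_netstat | unexpected_listeners "6000"
```

Each line printed is a daemon to stop or to justify. A listener bound to 127.0.0.1 is only reachable from the PC itself, while one bound to 0.0.0.0 accepts connections on every interface.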
You can test your firewall at the Web site Shields Up!. Load the page and click the Proceed-button.

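Firewall and daemons

Configuring the firewall


You should always keep a firewall running; it lets you control which ports are used to communicate with the Internet. Ideally, all ports are tightly closed.

Click "Menu | Setup | Linux Firewall Wizard".

Use the arrow keys on the keyboard to select "default" (this option closes all ports) and press Return.


Now check the firewall rules and confirm with "Yes".



The line "Performing sanity checks ..." should show the result "PASSED" ^_^. Press whichever key you love best and a new dialogue appears, which lets you activate your firewall.


Select the default "Yes" and press Return to confirm.


The firewall is now set up. Press Return to confirm that configuration is complete.

The "default" option you just selected closes all ports. You can also choose the wizard's "custom" option to open the ports you want. You should open only the ports you need; if you need a port only occasionally, open it only when you need it. Normally an open port is not particularly dangerous in itself, unless your machine is running a network service (a so-called daemon) that uses the port to listen for service requests. This is why you should not run any daemons you do not need.

How do you check which ports or services are quietly running?

First, install the program nmap. It can be installed from PETget.
Next, open a shell (that is, open a virtual terminal window) and enter: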
nmap localhost


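This lists all open ports. A home user who is not on a network should have no open ports; the X11 service is open because it is needed to serve the graphical desktop.

The following command lists the network services and their corresponding ports: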
netstat -anp --ip 


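If you are a home user who is not on a network or does not run any network services, the screenshot above should also show nothing except the X11 port; that is, no daemons should be running.

If you want to test your firewall, you can visit Shields Up!, open the page, and click the "Next" button. Good luck!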
