kfirewall 0.4.1
Created by Kim Andre Norheim, kim-nor@online.no
Version 0.4.2
1. Introduction
Welcome to kfirewall. This application uses ipchains
rules. kfirewall gives you the option to close a port for the rest of your
network or the internet. There is a list of the most commonly exploited
ports later. There is probably some qt and KDE guru out there who thinks
this application sucks, or that the code is poorly. I have to say that
I am not a very good coder, the kfirewall code may be poor, or/and bad
but it works (here anyway). So if you like it, use it, if not send me a
mail with things to change.
kfirewall starts with probing you loopback interface,
witch is no good. If you would add some rules to your LAN, use eth0, slip0
or plip0 (eth0 is ethernet, slip0 is serial line, plip0 is pararell line),
if you should protect your computer against the internet use ppp0, ippp0
(ppp0 for modem, and ippp0 for ISDN).
I would like to say that I am sorry about all
the mess with the version number. But I have thought it over, and I think
i will begin with three digits instead of two :)
2. Usage
2.1 Configuration
The configuration has been updated, all you have
to do to is insert your ethernet IP-address and your netmask. You can find
these options at the bottom left of the application.
2.2 Ports
These are the most commonly exploited ports (options
to close the Netbus and Back Orifice ports are provided and are wise to
choose if you run masquerading).
Port 20-21
This is the FTP port, it is safest to close
this. But if you use FTP for uploads, or you are running a download server
you should probably not close this.
Port 23
This is the telnet port, which you should keep
closed at all times. Many crackers sniff telnet passwords to penetrate
systems. Sniffit (and other ethernet sniffers) are applications which can
obtain the login and password a remote user is using. If you want your
computer to have remote login possibility use SSH.
Port 79
This is the finger port, remote users can use
this port to obtain information about all the users on your computer. If
you don't want this "feature" you can safely keep this port closed too.
Port 12345-12346
This is the default netbus ports, netbus is
a (script kiddie) trojan which can be used to take control over your computer.
I strongly recommend that these ports are closed at all times.
Port 31337
This is the default back orifice port, back
orifice is another (script kiddie) trojan that also take control over you
computer. I strongly recommended that this port also is closed at all times.
3. The Menu
3.1 Add/delete rules
Add rule will block the port you have specified
in the port input. Delete rule will open the port you have specified unless
the port is not blocked. You can't open a port witch isn't blocked :-)
3.2 Delete all rules
This is used to flush all the rules, to get a clean
and fresh start.
3.3 Masquerading on
Masquerading on means allow all connections from
your network to access the internet.
3.4 Masquerading entries
List all the current users witch is on the internet,
and list all the destination addresses that they are visiting.
3.5 List rules
This is a brand new option, witch will allow you
to view all the current rules in ipchains.
3.6 Probe interface
This is a autoprobe for you eth0 device, and only
the eth0 device. It will find your IP address and your netmask. If it doesn't
get you IP address, then configure it manually.
3.7 Clear list
This clears the rule list.
4. FAQ
4.1 Troubleshooting
If you get an error message like: "ipfchains died"
then there is something wrong (hehe). Check if ipchains in /sbin. If not
link ipchains from the current location to /sbin, you can do this with
the command: ln -s <where ipchains is located>/ipchains /sbin/ipchains
4.2 Can kfirewall handle more than one NIC?
No, not yet, but I plan to add that functionality
in a later version.
5. Thanks to
I will like to thank all the people who have sent
me mail, offered their help, and given me tips to make this application
good (i hope it is), and also helped translating it because I have made
a fool of myself trying to use the i18n function.
Robert E. Lee rlee@mailhost.access.com
Has provided me with some ipchains scripts,
witch I will try to include in the next versions. You can obtain these
scripts at http://www.enol.com/~rel/ipchains/
Geir Kristiansengeir37@online.no
Has provided spell checking (I have some bad
english :-)), and given me a lot of suggestions regarding kfirewall.
Christian Fernandezrek2@netnictco.net
Is translating kfirewall into Spanish.
Jannik "Bitkid" Nielsenbitkid@cyberjunkie.dk
Is translating kfirewall into Danish.
Thank you guys!