openSUSE 10.3 Tutorials

Configuring Networking on openSUSE / Configuring Firewall Settings





Subtitles of the Movie

Now that we've set up our network connections, let's look at configuring some basic firewall settings. Basic firewall configuration is extremely easy to do in openSUSE and we can do that with YaST, of course and the reason we might want to set up our basic firewall, uh, configuration is that now that we've connected to the network, whether it be an internal network or the Internet, we need to be able to protect our computer from the threats that are out there and turning on your firewall can help you do just that. We're going to look at just some of the basic options. Some of the more advanced options we'll gloss over, but we'll talk about them in a later part of the course. The basic configuration options we'll talk about right now include turning the firewall on or off, which is very important, assigning your different network interfaces to zones in the firewall, allowing services, because you need to decide what's allowed and what's not allowed in and out of your computer. We'll also look at how to do masquerading. Now, masquerading is where your computer actually hides the internal IP addresses of internal clients if you have more than one network card installed in the computer. So essentially, your computer is acting as a firewall. Some of the advanced options that you can, uh, configure in YaST for your firewall include IPSec support, or IP security. This is essentially where you configure your computer to transmit encrypted information across the network and it needs to be able to be configured properly so it can communicate with other computers that run IPSec also. We can also control our broadcasts in terms of what's allowed to go out on the different, uh, zones within the firewall, whether it's the external zone, internal zone and so forth. We can also configure custom rules and these can get kind of complicated. 
Uh, we'll talk about those a little bit later in the course, but essentially you can configure custom rules to more granularly tune what's allowed in and out and to what extent. Let's look at a quick demonstration in YaST of how to configure just the basic firewall configuration options that we need to learn. Alright, we're in the YaST control center and in order to get to security and users, I just clicked on the security and users button on the left and it highlights all the security and users options that we may want to configure. And some of these we'll talk about a little bit later. But let's, right now, look at the firewall options. When, uh, the firewall configuration comes up, there's some, uh, options on the left-hand side here that we can look at configuring and we'll talk about each of those. Uh, for service start, we can basically enable or disable the firewall. Uh, we can keep it from, uh, automatically starting or not. Now, right now we see the current status is the firewall is running and we can stop and start the firewall, uh, whenever we, we like. If we're troubleshooting, for example, we may want to stop it to figure out why a particular application isn't working through the firewall and we can save our settings and restart the firewall. Anytime you make changes to the firewall, that's probably a pretty good idea to save the settings and restart it to make sure everything's working alright. That was startup. If we click on interfaces, we can see the different interfaces we have installed in the computer and we can configure them for the basic zones and there are several different zones we can have configured in the firewall, such as the external zone. That's anything that connects to the Internet or whatever we deem to be the external zone, uh, of our firewall, or an internal zone. You may have, uh, multiple network cards and one of them may connect to the external, untrusted zone and one of them may connect to the internal or trusted zone. 
But we can change those anytime we like. Allowed services basically allows you to, uh, allow services in or out of the computer, such as the DCP, DHCP client, for example and we can use that to allow DHCP, uh, information to come to the computer instead of being blocked. So that's probably something you definitely want to allow. Masquerading is again where we would basically, uh, masquerade an internal address space and hide it from the external network. Now, in order to masquerade, you need at least one external interface and one, uh, internal interface, uh, an additional interface that we'll call internal interface and then we configure the network to be masqueraded and we could redirect requests to an IP address that's not visible. For example, um, if we get a particular protocol in on a particular port, we could, uh, redirect that to an internal client and the outside network would never know that it was redirected and it wouldn't know who that traffic was going to so we could hide our internal IP address space from that. Some of the different advanced options that we can look at include broadcast control. We can determine whether or not we want to, uh, allow broadcasts on the internal zone, the DMZ or demilitarized zone and on the external zone. We can also determine whether we want those logged. Now, this is something you may want to think about before you configure because if broadcasts aren't allowed on a particular zone, there may be services that rely on broadcasts that you may not be able to use. Some more advanced options include IPSec support, and we'll look at that a little bit later in the course, the logging level, which you definitely want to log, uh, packets that are dropped and accepted in the firewall and finally, custom rules and we'll talk about custom rules a little bit later on in the course as well because they require a little bit of advanced knowledge in order to make them work. 
That's essentially all there is to configuring the basic firewall, uh, configuration options in YaST. And again, we'll go over some of the more advanced options a little bit later on in the course.
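
The zone, masquerading and logging settings covered in the lesson can be checked from the command line; the script below is an added example, not part of the course material. It assumes the YaST firewall module stores its settings in `/etc/sysconfig/SuSEfirewall2` using that file's `FW_*` variable names (which the transcript does not name), takes the FW_ROUTE requirement from that file's own comments, and runs on a constructed sample config.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2-style sysconfig file (constructed sample).

# Constructed sample: masquerading on, but nothing for it to masquerade.
write_sample() {
cat <<'EOF'
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_ROUTE="no"
FW_MASQUERADE="yes"
FW_LOG_DROP_CRIT="yes"
FW_LOG_ACCEPT_CRIT="no"
EOF
}

# Read VAR="value" from FILE without sourcing it (sourcing would execute it).
# Assumes double-quoted values on a single line; the last assignment wins.
cfg_get() {
    sed -n 's/^'"$2"'="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print one finding per line; print nothing when every check passes.
audit_fw() (
    f=$1
    [ -n "$(cfg_get "$f" FW_DEV_EXT)" ] ||
        echo "zones: no interface assigned to the external zone"
    if [ "$(cfg_get "$f" FW_MASQUERADE)" = "yes" ]; then
        # Masquerading needs a second interface besides the external one.
        [ -n "$(cfg_get "$f" FW_DEV_INT)$(cfg_get "$f" FW_DEV_DMZ)" ] ||
            echo "masquerade: no internal or DMZ interface assigned"
        [ "$(cfg_get "$f" FW_ROUTE)" = "yes" ] ||
            echo "masquerade: FW_ROUTE is not yes"
    fi
    for kind in DROP ACCEPT; do
        [ "$(cfg_get "$f" "FW_LOG_${kind}_CRIT")" = "yes" ] ||
            [ "$(cfg_get "$f" "FW_LOG_${kind}_ALL")" = "yes" ] ||
            echo "logging: $kind packets are not logged"
    done
    true
)

# Demo run on the constructed sample.
tmp=$(mktemp) && write_sample > "$tmp" && audit_fw "$tmp"
rm -f "$tmp"
```

On a real system, pass the path of the live sysconfig file to `audit_fw` instead of the sample.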

Tutorial Information

Course: openSUSE 10.3
Author: Bobby Rogers
SKU: 33849
ISBN: 1-934743-49-6
Release Date: 2008-01-31
Duration: 6.5 hrs / 75 lessons
Captions: For Online University members only
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
