防火墙与守护进程(Firewall and daemons)
Firewall and daemons
You should always have an active firewall. It allows you to controlwhat ports your PC uses to communicate with the Internet. Ideally, allports are closed.
Start "Menu | Setup | Linux-Firewall Wizard".
Go to the "default" entry using the Arrow Down key (this option closes all ports) and press Return.
Now you can check the firewall rules. Confirm the default ("Yes") with the Return key.
The line that reads "Performing sanity checks ..." should display "PASSED" now. Press the key you love best ...
... to get to the next dialogue. It allows you to activate the firewall rules.
Confirm the default ("Yes") with the Return key.
The firewall is now active. Hit Return to finish setup.
The "default" option you selected closes all ports. You can specifywhich ports should be left open using the Firewall Wizard's "custom"option. You should only open the ports you really need. If you use acertain port only occasionally, you should open it only when you needit. An open port is usually not a security risk per se. It only becomesvulnerable if your PC is running a service (a so-called "daemon") whichuses that port to listen for incoming requests. This is why you shouldnot run any daemons you do not need on your PC.
This is how to check for which ports are open and which services are running:
Install the Program nmap. Nmap is available as a PETget.
Open a shell and enter:
nmap localhost
This lists open ports. A home user without a home network of her ownshould have no open ports. The X11 service is open because it is theone responsible for the graphical desktop.
The following command gives you a list of which services are listening on which ports:
netstat -anp --ip
This list, too, should be empty except for the X11 port if you are ahome user who does not run a web server or a home network; i.e., noservices (daemons) should be running.
You can test your firewall at the Web site
Shields Up!. Load the page and click the Proceed-button.