Commit | Line | Data |
---|---|---|
54b8df1a MT |
1 | {% extends "../../base-feature.html" %} |
2 | ||
3 | {% block title %}{{ _("Firewall") }}{% end block %} | |
4 | ||
60024cc8 MT |
5 | {% block bodyA %} |
6 | <img src="{{ static_url("images/icons/firewall.png") }}" class="pull-right" alt="{{ _("Firewall") }}" /> | |
54b8df1a | 7 | |
60024cc8 MT |
8 | <div class="page-header"> |
9 | <h1>{{ _("Firewall") }}</h1> | |
10 | </div> | |
11 | ||
12 | <div class="row"> | |
13 | <div class="span9"> | |
14 | {% if lang == "de" %} | |
15 | <p> | |
16 | IPFire nutzt eine Stateful-Packet-Inspection-Firewall (SPI), | |
17 | welche auf das Linux Paketfilter-Framework <em>netfilter</em> aufsetzt. | |
18 | </p> | |
19 | <p> | |
20 | Während des IPFire Installationsprozesses, wird das Netzwerk in | |
21 | mehrere separate Segmente unterteilt. | |
22 | Dieses Sicherheitsschema impliziert einen perfekten Platz für | |
23 | jedes System im Netzwerk. | |
24 | Jedes Segment kann nach Bedarf zugeschaltet werden, abhängig vom | |
25 | Einsatzort und -zweck und alle Systeme in einem Segment werden | |
26 | mit der gleichen Sicherheitspolicy behandelt: | |
27 | </p> | |
28 | ||
29 | <table class="table table-striped table-bordered"> | |
30 | <tbody> | |
31 | <tr> | |
32 | <td style="background-color: green; color: white;"> | |
33 | <strong>Green</strong> | |
34 | </td> | |
35 | <td> | |
36 | Grün repräsentiert die "sichere" Zone. | |
37 | In diese Zone gelangen alle herkömmlichen | |
38 | Clients, welche meist mit dem Kabelnetzwerk | |
39 | verbunden sind. Von hier aus können die Clients | |
40 | uneingeschränkt auf alle anderen Zonen zugreifen. | |
41 | </td> | |
42 | </tr> | |
43 | <tr> | |
44 | <td style="background-color: red; color: white;"> | |
45 | <strong>Red</strong> | |
46 | </td> | |
47 | <td> | |
48 | Rot impliziert "Gefahr" - also die Verbindung zum | |
49 | Internet. | |
50 | Nichts von hier aus darf die Firewall passieren, | |
51 | außer dies ist explizit vom Administrator erlaubt. | |
52 | </td> | |
53 | </tr> | |
54 | <tr> | |
55 | <td style="background-color: darkblue; color: white;"> | |
56 | <strong>Blue</strong> | |
57 | </td> | |
58 | <td> | |
59 | Blau repräsentiert das drahtlose Segment des | |
60 | Netzwerks (aufgrund der Farbe des Himmels). | |
61 | Da Wireless-Clients von Natur aus ein größeres | |
62 | Gefahrenpotential sind, muss für jedes System | |
63 | in diesem Teil der Zugang zum Internet gesondert | |
64 | erlaubt werden. | |
65 | </td> | |
66 | </tr> | |
67 | <tr> | |
68 | <td style="background-color: orange; color: white;"> | |
69 | <strong>Orange</strong> | |
70 | </td> | |
71 | <td> | |
72 | Das orangene Netzwerk wird auch als demilitarisierte | |
73 | Zone (DMZ) bezeichnet. | |
74 | Alle Server, die aus dem Internet erreichbar sind | |
75 | gehören in dieses Netz um kein Sicherheitsrisiko | |
76 | für andere lokale Systeme zu sein. | |
77 | </td> | |
78 | </tr> | |
79 | </tbody> | |
80 | </table> | |
54b8df1a | 81 | |
60024cc8 MT |
82 | <p> |
83 | Zusätzlich zu den oben genannten Policies kann auch der ausgehende | |
84 | Netzwerkverkehr für jedes Segment geregelt werden. | |
85 | Diese Funktion gibt dem Netzwerkadministrator vollständige | |
86 | Kontrolle über das Netzwerk. | |
87 | </p> | |
88 | {% else %} | |
89 | <p> | |
90 | IPFire employs a Stateful Packet Inspection (SPI) firewall, | |
91 | which is built on top of netfilter (the Linux packet filtering framework). | |
92 | </p> | |
93 | <p> | |
94 | During the installation of IPFire, the network is configured into different, | |
95 | separate segments. | |
96 | This segmented security scheme means that there is a perfect place for each | |
97 | machine in the network. | |
98 | These different segments may be enabled separately, depending on your requirements. | |
99 | Each segment represents a group of computers that share a common security level: | |
100 | </p> | |
54b8df1a | 101 | |
60024cc8 MT |
102 | <table class="table table-striped table-bordered"> |
103 | <tbody> | |
104 | <tr> | |
105 | <td style="background-color: green; color: white;"> | |
106 | <strong>Green</strong> | |
107 | </td> | |
108 | <td> | |
109 | Green represents a "safe" area. | |
110 | This is where all regular clients will reside. | |
111 | It usually comprises a wired, local network. | |
112 | Clients on Green can access all other network | |
113 | segments without restriction. | |
114 | </td> | |
115 | </tr> | |
116 | <tr> | |
117 | <td style="background-color: red; color: white;"> | |
118 | <strong>Red</strong> | |
119 | </td> | |
120 | <td> | |
121 | Red indicates "danger" or the connection to the Internet. | |
122 | Nothing from Red is permitted to pass through the | |
123 | firewall unless specifically configured by the | |
124 | administrator. | |
125 | </td> | |
126 | </tr> | |
127 | <tr> | |
128 | <td style="background-color: darkblue; color: white;"> | |
129 | <strong>Blue</strong> | |
130 | </td> | |
131 | <td> | |
132 | Blue represents the "wireless" part of the local | |
133 | network (chosen because it's the color of the sky). | |
134 | Since the wireless network has the potential for abuse, | |
135 | it is uniquely identified and specific rules govern | |
136 | clients on it. | |
137 | Clients on this network segment must be explicitly | |
138 | allowed before they may access the network. | |
139 | </td> | |
140 | </tr> | |
141 | <tr> | |
142 | <td style="background-color: orange; color: white;"> | |
143 | <strong>Orange</strong> | |
144 | </td> | |
145 | <td> | |
146 | Orange is referred to as the "demilitarized zone" (DMZ). | |
147 | Any servers which are publicly accessible are separated | |
148 | from the rest of the network here to limit security | |
149 | breaches. | |
150 | </td> | |
151 | </tr> | |
152 | </tbody> | |
153 | </table> | |
54b8df1a | 154 | |
60024cc8 MT |
155 | <p> |
156 | Additionally, the firewall can be used to control outbound Internet | |
157 | access from any segment. | |
158 | This feature gives the network administrator complete control | |
159 | over how their network is configured and secured. | |
160 | </p> | |
161 | {% end %} | |
162 | </div> | |
314d46c8 MT |
163 | </div> |
164 | ||
60024cc8 MT |
165 | <hr> |
166 | ||
167 | <div class="well"> | |
168 | <h3>{{ _("Further reading") }}</h3> | |
169 | <ul> | |
170 | <li> | |
171 | <a href="http://wiki.ipfire.org/{{ lang }}/configuration/firewall/outgoingfirewall">{{ _("Outgoing firewall configuration") }}</a> | |
172 | </li> | |
173 | </ul> | |
54b8df1a | 174 | </div> |
60024cc8 MT |
175 | |
176 | <ul class="thumbnails"> | |
177 | <li class="span3"> | |
178 | <a class="thumbnail" href="{{ static_url("images/screenshots/en/firewall/edit-portfw-rule-1.png") }}"> | |
179 | <img src="{{ static_url("images/screenshots/en/firewall/edit-portfw-rule-1_thumb.png") }}" alt="{{ _("Screenshot") }}"> | |
180 | </a> | |
181 | </li> | |
182 | <li class="span3"> | |
183 | <a class="thumbnail" href="{{ static_url("images/screenshots/en/firewall/dmz-holes-1.png") }}"> | |
184 | <img src="{{ static_url("images/screenshots/en/firewall/dmz-holes-1_thumb.png") }}" alt="{{ _("Screenshot") }}"> | |
185 | </a> | |
186 | </li> | |
187 | <li class="span3"> | |
188 | <a class="thumbnail" href="{{ static_url("images/screenshots/en/firewall/connections-1.png") }}"> | |
189 | <img src="{{ static_url("images/screenshots/en/firewall/connections-1_thumb.png") }}" alt="{{ _("Screenshot") }}"> | |
190 | </a> | |
191 | </li> | |
192 | </ul> | |
54b8df1a | 193 | {% end block %} |