Manjaro - User contributions [en]

Firewalls/fr

2025-04-07T04:41:15Z

Charles-Elie: Created page with "Utiliser un pare-feu local est toujours une bonne pratique. Même si vous utiliser un pare-feu réseau, votre pare-feu local vous protège des menaces internes à votre réseau."

<languages/>
__TOC__

=Aperçu=

Utiliser un pare-feu local est toujours une bonne pratique. Même si vous utiliser un pare-feu réseau, votre pare-feu local vous protège des menaces internes à votre réseau.

=UFW=

UFW stands for Uncomplicated FireWall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use. UFW is far simpler than iptables and a good place to start unless you have very specialized needs.

==Installer UFW==

You can install the {{ic|ufw}} package using you favorite package manager or the command:
{{UserCmd|command=pamac install ufw}}

Once UFW is installed you need to start and enable it using the commands:
{{UserCmd|command=sudo systemctl enable ufw.service}}
{{UserCmd|command=sudo ufw enable}}

{{warning|Don't enable both iptables.service and ufw.service}}

==Ajout d'une règle==

Pour afficher la configuration actuelle, vous pouvez utiliser la commande suivante : {{ic|ufw status}}. Voici à quoi cela ressemble dans une nouvelle installation :

{{UserCmdOutput|command=sudo ufw status verbose|result=
<pre>Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip</pre>
}}

Cela indique que le trafic entrant sera bloqué et que le trafic sortant sera autorisé. C'est un bon point de départ pour la plupart des systèmes de bureau. Cependant, il est souvent nécessaire d'autoriser une partie du trafic entrant. Pour ce faire, utilisez la commande suivante : {{ic|ufw allow}}.Par exemple, si nous voulons autoriser le trafic ssh entrant afin de pouvoir nous connecter à la machine à partir d'autres machines du réseau, nous pouvons utiliser la commande :
{{UserCmd|command=sudo ufw allow ssh}}

Si nous voulions également établir des connexions TCP vers un serveur Web local sur un port https 8443 (ce n'est pas le port standard pour https), nous pourrions utiliser la commande :
{{UserCmd|command=sudo ufw allow in 8443/tcp}}

{{tip|When you don't specify "in" or "out", "in" is assumed}}

==UFW and Applications==

You may notice a difference in the above two commands. When we built the rules for ssh we used the name and for https we used the port number, 8443. This is because UFW has a small database of applications it knows the ports for. You can see the list with the command:
{{UserCmd|command=sudo ufw app list}}

For applications on the list you can add them by name. If you want to review the configuration for one of the applications, you can use the command {{ic|ufw app info}}. For example, to the configuration for ssh:

{{UserCmdOutput|command=sudo ufw app info SSH|result=
<pre>Profile: SSH
Title: SSH server
Description: SSH server

Port:
22/tcp</pre>
}}

{{tip|When using ufw app the commands are case sensitive but when adding rules they are not}}

Some additional preconfigured applications can be added by installing the package {{ic|ufw-extras}} with your favorite package manager or the command:
{{UserCmd|command=pamac install ufw-extras}}

==Removing Rules==

Rules can be removed with the {{ic|ufw delete}} command. For example, to delete our 8443 rules we could use the command:
{{UserCmd|command=sudo ufw delete allow 8443/tcp}}

You can also delete them by number. This is easier if you have a numbered list which you can see with the command:

{{UserCmdOutput|command=sudo ufw status numbered|result=
<pre>Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 22 (v6) ALLOW IN Anywhere (v6)
</pre>}}

Now if we wanted to stop allowing ssh on ipv6 we could use the command:
{{UserCmd|command=sudo ufw delete 2}}

==GUFW==
[[File:gufw.jpg|thumb|left|240px]]

Prefer to use GUI applications and still want to manage your firewall? No problem. GUFW is a GTK front-end for UFW that aims to make managing a Linux firewall as accessible and easy as possible. It features pre-sets for common ports and p2p applications.

If it is not installed already gufw can be installed from the repos:
{{UserCmd|command=pamac install gufw}}

It will now be available in the menu as '''Firewall Configuration''' or by running {{ic|gufw}} directly.
<div style="clear: both"></div>

=iptables=

iptables is included as part of the Linux kernel. iptables is significantly more complicated than using a tool like UFW. As a result, a full tutorial on iptables is beyond the scope of this wiki. Using iptables on Manjaro should be the same for every distribution of Linux so there is plenty of available documentation. Some of this is linked [[Firewalls#See_Also|below]]. Here are some basics to get you started.

To enable loading rules on startup you can use the command:
{{UserCmd|command=sudo systemctl enable iptables.service}}

This will load the rules from the file {{ic|/etc/iptables/iptables.rules}}.

To display the currently loaded rules:
{{UserCmd|command=sudo iptables -L}}

To save the current rules to a file
{{UserCmd|command=sudo sh -c "iptables-save > /etc/iptables/iptables.rules"}}

To load the rules from a file
{{UserCmd|command=sudo sh -c "iptables-restore > /etc/iptables/iptables.rules"}}

To allow ssh connections
{{UserCmd|command=sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT}}
{{UserCmd|command=sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT}}

=See Also=
* The Arch Wiki on [https://wiki.archlinux.org/index.php/Ufw UFW]
* The [https://help.ubuntu.com/community/UFW UFW website]
* The [http://gufw.org/ GUFW website]
* The [https://linux.die.net/man/8/iptables iptables man page]
* The Arch Wiki on [https://wiki.archlinux.org/index.php/iptables iptables]
* The Debian Wiki on [https://wiki.debian.org/iptables iptables]

[[Category:Contents Page{{#translation:}}]]
[[Category:Security{{#translation:}}]]

Firewalls/fr

2025-04-07T04:40:51Z

Charles-Elie: Created page with "Pare-feux"

<languages/>
__TOC__

=Overview=

Running a local firewall is almost always a good practice. Even when you are behind a network firewall, a local firewall protects you from threats on the inside of your network.

=UFW=

UFW stands for Uncomplicated FireWall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use. UFW is far simpler than iptables and a good place to start unless you have very specialized needs.

==Installing UFW==

You can install the {{ic|ufw}} package using you favorite package manager or the command:
{{UserCmd|command=pamac install ufw}}

Once UFW is installed you need to start and enable it using the commands:
{{UserCmd|command=sudo systemctl enable ufw.service}}
{{UserCmd|command=sudo ufw enable}}

{{warning|Don't enable both iptables.service and ufw.service}}

==Adding Rules==

To view the current configuration you can use the command {{ic|ufw status}}. Here is what it looks like in a new install:

{{UserCmdOutput|command=sudo ufw status verbose|result=
<pre>Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip</pre>
}}

This indicates that it will block all incoming traffic and allow all outgoing traffic. This is a good starting point for most desktop systems. However, often we will want to allow some incoming traffic. This can be done with the command {{ic|ufw allow}}. For example, if we want to allow incoming ssh traffic so we can connect to the machine from other machines on the network we could use the command:
{{UserCmd|command=sudo ufw allow ssh}}

If we wanted to also tcp connections to a local webserver on a non-standard https port, 8443. We could use the command:
{{UserCmd|command=sudo ufw allow in 8443/tcp}}

{{tip|When you don't specify "in" or "out", "in" is assumed}}

==UFW and Applications==

You may notice a difference in the above two commands. When we built the rules for ssh we used the name and for https we used the port number, 8443. This is because UFW has a small database of applications it knows the ports for. You can see the list with the command:
{{UserCmd|command=sudo ufw app list}}

For applications on the list you can add them by name. If you want to review the configuration for one of the applications, you can use the command {{ic|ufw app info}}. For example, to the configuration for ssh:

{{UserCmdOutput|command=sudo ufw app info SSH|result=
<pre>Profile: SSH
Title: SSH server
Description: SSH server

Port:
22/tcp</pre>
}}

{{tip|When using ufw app the commands are case sensitive but when adding rules they are not}}

Some additional preconfigured applications can be added by installing the package {{ic|ufw-extras}} with your favorite package manager or the command:
{{UserCmd|command=pamac install ufw-extras}}

==Removing Rules==

Rules can be removed with the {{ic|ufw delete}} command. For example, to delete our 8443 rules we could use the command:
{{UserCmd|command=sudo ufw delete allow 8443/tcp}}

You can also delete them by number. This is easier if you have a numbered list which you can see with the command:

{{UserCmdOutput|command=sudo ufw status numbered|result=
<pre>Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 22 (v6) ALLOW IN Anywhere (v6)
</pre>}}

Now if we wanted to stop allowing ssh on ipv6 we could use the command:
{{UserCmd|command=sudo ufw delete 2}}

==GUFW==
[[File:gufw.jpg|thumb|left|240px]]

Prefer to use GUI applications and still want to manage your firewall? No problem. GUFW is a GTK front-end for UFW that aims to make managing a Linux firewall as accessible and easy as possible. It features pre-sets for common ports and p2p applications.

If it is not installed already gufw can be installed from the repos:
{{UserCmd|command=pamac install gufw}}

It will now be available in the menu as '''Firewall Configuration''' or by running {{ic|gufw}} directly.
<div style="clear: both"></div>

=iptables=

iptables is included as part of the Linux kernel. iptables is significantly more complicated than using a tool like UFW. As a result, a full tutorial on iptables is beyond the scope of this wiki. Using iptables on Manjaro should be the same for every distribution of Linux so there is plenty of available documentation. Some of this is linked [[Firewalls#See_Also|below]]. Here are some basics to get you started.

To enable loading rules on startup you can use the command:
{{UserCmd|command=sudo systemctl enable iptables.service}}

This will load the rules from the file {{ic|/etc/iptables/iptables.rules}}.

To display the currently loaded rules:
{{UserCmd|command=sudo iptables -L}}

To save the current rules to a file
{{UserCmd|command=sudo sh -c "iptables-save > /etc/iptables/iptables.rules"}}

To load the rules from a file
{{UserCmd|command=sudo sh -c "iptables-restore > /etc/iptables/iptables.rules"}}

To allow ssh connections
{{UserCmd|command=sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT}}
{{UserCmd|command=sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT}}

=See Also=
* The Arch Wiki on [https://wiki.archlinux.org/index.php/Ufw UFW]
* The [https://help.ubuntu.com/community/UFW UFW website]
* The [http://gufw.org/ GUFW website]
* The [https://linux.die.net/man/8/iptables iptables man page]
* The Arch Wiki on [https://wiki.archlinux.org/index.php/iptables iptables]
* The Debian Wiki on [https://wiki.debian.org/iptables iptables]

[[Category:Contents Page{{#translation:}}]]
[[Category:Security{{#translation:}}]]

Translations:Firewalls/12/fr

2025-03-29T13:48:15Z

Charles-Elie: Created page with "Si nous voulions également établir des connexions TCP vers un serveur Web local sur un port https 8443 (ce n'est pas le port standard pour https), nous pourrions utiliser la..."

Si nous voulions également établir des connexions TCP vers un serveur Web local sur un port https 8443 (ce n'est pas le port standard pour https), nous pourrions utiliser la commande :
$usercmd5

Translations:Firewalls/11/fr

2025-03-29T13:45:55Z

Charles-Elie: Created page with "Cela indique que le trafic entrant sera bloqué et que le trafic sortant sera autorisé. C'est un bon point de départ pour la plupart des systèmes de bureau. Cependant, il e..."

Cela indique que le trafic entrant sera bloqué et que le trafic sortant sera autorisé. C'est un bon point de départ pour la plupart des systèmes de bureau. Cependant, il est souvent nécessaire d'autoriser une partie du trafic entrant. Pour ce faire, utilisez la commande suivante : {{ic|ufw allow}}.Par exemple, si nous voulons autoriser le trafic ssh entrant afin de pouvoir nous connecter à la machine à partir d'autres machines du réseau, nous pouvons utiliser la commande :
$usercmd4

Translations:Firewalls/38/fr

2025-03-29T13:44:25Z

Charles-Elie: Created page with "$usercmdoutput1"

$usercmdoutput1

Translations:Firewalls/10/fr

2025-03-29T13:44:17Z

Charles-Elie: Created page with "Pour afficher la configuration actuelle, vous pouvez utiliser la commande suivante : {{ic|ufw status}}. Voici à quoi cela ressemble dans une nouvelle installation :"

Pour afficher la configuration actuelle, vous pouvez utiliser la commande suivante : {{ic|ufw status}}. Voici à quoi cela ressemble dans une nouvelle installation :

Translations:Firewalls/9/fr

2025-03-29T13:43:36Z

Charles-Elie: Created page with "==Ajout d'une règle=="

==Ajout d'une règle==

Translations:Firewalls/5/fr

2025-03-29T13:43:01Z

Charles-Elie: Created page with "==Installer UFW=="

==Installer UFW==

Translations:Firewalls/3/fr

2025-03-29T13:42:14Z

Charles-Elie: Created page with "=UFW="

=UFW=

Translations:Firewalls/2/fr

2025-03-29T13:50:00Z

Utiliser un pare-feu local est toujours une bonne pratique. Même si vous utiliser un pare-feu réseau, votre pare-feu local vous protège des menaces internes à votre réseau.

Translations:Firewalls/1/fr

2025-03-29T13:41:28Z

Charles-Elie: Created page with "=Aperçu="

=Aperçu=

Translations:Firewalls/Page display title/fr

2025-03-29T13:52:02Z

Charles-Elie: Created page with "Pare-feux"

Pare-feux