Git commit 0db4fd2e7226a7b3def151bd929a49e854492a03 by Yuri Chornoivan. Committed on 20/10/2013 at 08:39. Pushed by yurchor into branch 'master'.
Fix EBN and some hints in interface, add formatting to the docbook M +21 -26 doc/index.docbook M +2 -2 kcm/strings.cpp http://commits.kde.org/ufw-kde/0db4fd2e7226a7b3def151bd929a49e854492a03 diff --git a/doc/index.docbook b/doc/index.docbook index 6171066..58fedd4 100644 --- a/doc/index.docbook +++ b/doc/index.docbook @@ -22,15 +22,10 @@ <keyword>ufw</keyword> <keyword>firewall</keyword> </keywordset> - - <!-- Put here the FDL notice. Read the explanation in fdl-notice.docbook - and in the FDL itself on how to use it. - <legalnotice>&FDLNotice;</legalnotice> - --> </articleinfo> <sect1 id="introduction"> <title>Introduction</title> - <para>This module allows you to control the settings of the 'Uncomplicated FireWall' (UFW), which is a command line frontend to the default Linux firewall (IP-Tables).</para> + <para>This module allows you to control the settings of the <application>Uncomplicated FireWall</application> (UFW), which is a command line frontend to the default &Linux; firewall (IP-Tables).</para> </sect1> <sect1 id="howtheywork"> @@ -51,7 +46,7 @@ Logs are also really important when the firewall got cracked and you want to know how. In that you would have a much harder life if you hadn't activeted the logging functions so that you can see what has happend and how the configuration could be improved. </para> <para> - Most people think about firewalls as just being used to block traffic from the Internet to your host, but you may also configure your firewall to restrict the Internet access. For example you may block some well known porn sites on your Children's PC, or you just want to allow e-mail and Web browsing in your office but you don't want your employees to be able to download files via FTP. </para> + Most people think about firewalls as just being used to block traffic from the Internet to your host, but you may also configure your firewall to restrict the Internet access. For example you may block some well known porn sites on your Children's PC, or you just want to allow email and Web browsing in your office but you don't want your employees to be able to download files via &FTP;. </para> <para> All the things described are really easy to implement with UFW once you have understood how it works. </para> @@ -77,7 +72,7 @@ <sect2 id="logging"> <title>Logging</title> - <para>The general logging of the firewall may be set using the <quote>Logging level</quote> setting. This can be set to one of + <para>The general logging of the firewall may be set using the <guilabel>Logging level</guilabel> setting. This can be set to one of the following values: <orderedlist> <!--I have contacted the person who wrote the UFW man page and learned from him that rate limiting here means simply limiting the number of dublicate entries. Corrected the below to make that clear, hope my english is understandable.--> @@ -99,8 +94,8 @@ <sect1 id="rules"> <title>Rules</title> <para>UFW functions by being provided a list of rules as to which ports/services show be allowed or blocked. Rules provide exceptions to the default policies.</para> - <para>For example, you may want to configure your computer to not be accessible from the internet in case it connects directly to the world wide web with a public IP address, but you may want the computer to be open to all connections from local intranets and also to allow for ssh connection from anywhere (both local and internet). In such a case you will want to set default policy to 'deny', but then add rules to allow incoming ssh connections and connections from the default local network address spaces. <!--DONATO - ?itam reikia pavyzd?io step by step gale!--> </para> - <para>Rule ordering is important and the first match wins. Therefore when adding rules, add the more specific rules first with more general rules later. Rules may be re-ordered via the <quote>Move Up / Move Down</quote> buttons, or by drag-n-drop of the entries in the rules list.</para> + <para>For example, you may want to configure your computer to not be accessible from the Internet in case it connects directly to the world wide web with a public IP address, but you may want the computer to be open to all connections from local intranets and also to allow for ssh connection from anywhere (both local and internet). In such a case you will want to set default policy to 'deny', but then add rules to allow incoming ssh connections and connections from the default local network address spaces. <!--DONATO - ?itam reikia pavyzd?io step by step gale!--> </para> + <para>Rule ordering is important and the first match wins. Therefore when adding rules, add the more specific rules first with more general rules later. Rules may be re-ordered via the <guibutton>Move Up</guibutton> / <guibutton>Move Down</guibutton> buttons, or by drag-n-drop of the entries in the rules list.</para> <sect2 id="add_and_edit_rules"> <title>Adding and Editing Rules</title> <para>There are two <quote>modes</quote> to add, and edit, rules: @@ -125,8 +120,8 @@ <listitem><para><quote>Direction</quote> - indicates the direction of the connection.</para></listitem> <listitem><para><quote>Port</quote> - this is used to define the port, or ports, to be controlled. There are two options for this: <orderedlist> - <listitem><para>Manually entering a port number. There is a text field that allows you to enter one, or more, port numbers - or a range of port numbers. (Ranges are of the form <quote>from:to</quote>, e.g. <quote>123:456</quote>)</para></listitem> - <listitem><para>Below the text field, there is a drop down list containing a set of pre-defined services, applications, and UFW application profile names.</para></listitem> + <listitem><para>Manually entering a port number. There is a text field that allows you to enter one, or more, port numbers - or a range of port numbers. (Ranges are of the form <quote>from:to</quote>, ⪚ <quote>123:456</quote>)</para></listitem> + <listitem><para>Below the text field, there is a drop down box containing a set of pre-defined services, applications, and UFW application profile names.</para></listitem> </orderedlist></para> </listitem> <listitem><para><quote>Protocol</quote> - sets the type of port that will be controlled. (This setting is only applicable when the port number is to be entered manually)</para> @@ -146,7 +141,7 @@ <listitem><para><quote>Description</quote> - a textual description of the rule.</para></listitem> </orderedlist> </para> - <para>The <quote>Advanced</quote> mode will allow you to specify any combination of; source address, source port, destination address, and destination port - as well as specifying the network interface (e.g. wlan0, eth0, etc.) to apply the rule on. Addresses my be either; an IP address (e.g. 192.168.1.100), or subnet (e.g. 192.168.1.0/24).</para> + <para>The <quote>Advanced</quote> mode will allow you to specify any combination of; source address, source port, destination address, and destination port - as well as specifying the network interface (⪚ wlan0, eth0, &etc;) to apply the rule on. Addresses my be either; an IP address (⪚ 192.168.1.100), or subnet (⪚ 192.168.1.0/24).</para> </sect2> <sect2 id="ipv6_rules"> <title>IPv6 Rules</title> @@ -177,7 +172,7 @@ <sect1 id="modules"> <title>Modules</title> <para>UFW supports loading of IP-Tables kernel modules to improve its functionality. The currently supported modules on your system - will be listed in the <quote>Modules</quote> section. Each enabled module is indicated with a checkmark.</para> + will be listed in the <guilabel>Modules</guilabel> section. Each enabled module is indicated with a checkmark.</para> <para>There are two types of modules: <orderedlist> <listitem><para><quote>Connection tracking</quote> - is the ability to maintain connection state information (such as source and @@ -265,9 +260,9 @@ Direction: Incoming; Port: Secure Shell. </literallayout> - <para>As for the logging, you can choose to log "New Connections". The "Description" field is optional, and useful only when you enter some rule including port numbers and IP addresses that you can forget the meaning of. </para> + <para>As for the logging, you can choose to log <guimenuitem>New connections</guimenuitem>. The <guilabel>Description</guilabel> field is optional, and useful only when you enter some rule including port numbers and IP addresses that you can forget the meaning of. </para> - <para>Once you have done all of this, click "Add". Now you have the first rule in place! The dialog remains open so you can start filling the next rule right away.</para> + <para>Once you have done all of this, click <guibutton>Add</guibutton>. Now you have the first rule in place! The dialog remains open so you can start filling the next rule right away.</para> <mediaobject> <imageobject> @@ -292,9 +287,9 @@ Port: Secure Shell. </screen> -<para>in the Konsole window (change dropbox to the program you are investigating).</para> +<para>in the &konsole; window (change dropbox to the program you are investigating).</para> -<para>To open Dropbox LAN sync ports, click the button "Add", select the type "Simple", and fill in: </para> + <para>To open Dropbox LAN sync ports, click the button <guibutton>Add</guibutton>, select the type <guimenuitem>Simple</guimenuitem>, and fill in: </para> <literallayout>Policy: Allow; Direction: Incoming; @@ -311,7 +306,7 @@ Port: 17500. </literallayout> </textobject> </mediaobject> -<para>Now, you can also get extra security by restricting the access to the Dropbox LAN sync port to only your laptop, which, remember, is constantly given the same IP address 192.168.1.111 by the router. So, You can choose to limit access to that particular IP address. In that case, choose the rule type "Advanced", and fill in:</para> + <para>Now, you can also get extra security by restricting the access to the Dropbox LAN sync port to only your laptop, which, remember, is constantly given the same IP address 192.168.1.111 by the router. So, You can choose to limit access to that particular IP address. In that case, choose the rule type <guimenuitem>Advanced</guimenuitem>, and fill in:</para> <literallayout>Policy: Allow; Direction: Incoming; @@ -334,7 +329,7 @@ Description: "Dropbox LAN sync / one address"</literallayout> <title>Samba</title> -<para>To add Samba, go the same route as with ssh. Make a new rule of type "Simple" and fill in:</para> + <para>To add Samba, go the same route as with ssh. Make a new rule of type <guimenuitem>Simple</guimenuitem> and fill in:</para> <literallayout>Policy: Allow; Direction: Incoming; @@ -348,7 +343,7 @@ Port: Samba;</literallayout> </textobject> </mediaobject> -<para>Now, Samba is a service that likes to open quite random ports on each connection, so you will probably need to enable advanced functionality in the firewall ? i.e. the NetBIOS (which is a subset of Samba) kernel module. To do so, click the "Modules" tab and check the checkbox "Connection Tracking" for NetBIOS. For an explanation of what a module does, see the "Modules" section of this handbook.</para> + <para>Now, Samba is a service that likes to open quite random ports on each connection, so you will probably need to enable advanced functionality in the firewall ? &ie; the NetBIOS (which is a subset of Samba) kernel module. To do so, click the <guilabel>Modules</guilabel> tab and check the check box <guilabel>Connection Tracking</guilabel> for NetBIOS. For an explanation of what a module does, see the <link linkend="modules">Modules section</link> of this handbook.</para> <mediaobject> <imageobject> @@ -359,7 +354,7 @@ Port: Samba;</literallayout> </mediaobject> - <para>You can also further modify the rules that were added for Samba, to make your Samba shares only possible to access from your notebook computer. In order to do that, you need to open the two rules that were created by the previous action (separate rules were created for TCP and for the UDP ports), change the rule type to "Advanced", and enter the IP address of your laptop (192.168.1.111) to the "Source [Address]" field (just like we did with Dropbox LAN sync rule, only here we have to modify two rules).</para> + <para>You can also further modify the rules that were added for Samba, to make your Samba shares only possible to access from your notebook computer. In order to do that, you need to open the two rules that were created by the previous action (separate rules were created for TCP and for the UDP ports), change the rule type to <guimenuitem>Advanced</guimenuitem>, and enter the IP address of your laptop (192.168.1.111) to the <guilabel>Source [Address]</guilabel> field (just like we did with Dropbox LAN sync rule, only here we have to modify two rules).</para> </sect3> @@ -404,11 +399,11 @@ Two rules for TCP and UDP ports will be added as the result.</para> <title>Notebook case</title> -<para>When configuring the notebook, you will need to mirror the configuration you have created, changing just minor details ? the IP addresses in the Dropbox and Samba rules from 192.168.1.111 to 192.168.1.122. So, to make things simple, you can export the rules from workstation to a file (use the "Profiles" menu), and then import the rules to the notebook and edit the above mentioned IP addresses.</para> + <para>When configuring the notebook, you will need to mirror the configuration you have created, changing just minor details ? the IP addresses in the Dropbox and Samba rules from 192.168.1.111 to 192.168.1.122. So, to make things simple, you can export the rules from workstation to a file (use the <guimenu>Profiles</guimenu> menu), and then import the rules to the notebook and edit the above mentioned IP addresses.</para> <para>Now you have a configuration for your home network. What about the other locations, like the network at your workplace, or the broadband connection you have when you visit your mother? If you, for example, want a very different configuration at a different place, do you have to manually delete and add rules each time?</para> -<para>That would be tedious, so you have an option to save the home configuration into a profile (lets call it "Home") and then create another configuration for "Work" and still another for "Mum's home". You can also create profiles for different activities you might engage in, like gaming (opening selected ports for games). To create and switch profiles, you can use the options available under the "Profiles" menu. That makes switching profiles when moving around or changing activities quite easy.</para> + <para>That would be tedious, so you have an option to save the home configuration into a profile (lets call it "Home") and then create another configuration for "Work" and still another for "Mum's home". You can also create profiles for different activities you might engage in, like gaming (opening selected ports for games). To create and switch profiles, you can use the options available under the <guimenu>Profiles</guimenu> menu. That makes switching profiles when moving around or changing activities quite easy.</para> </sect2> </sect1> @@ -417,9 +412,9 @@ Two rules for TCP and UDP ports will be added as the result.</para> <title>Further reading</title> - <para>For more details on using UFW please see <ulink url="man:/usr/share/man/man8/ufw.8.gz">man ufw</ulink>. + <para>For more details on using UFW please see <ulink url="man:/ufw">man ufw</ulink>. </para> - <para>For more details on using IP-Tables based firewalls please see <ulink url="man:/usr/share/man/man8/iptables.8.gz">man iptables</ulink>. + <para>For more details on using IP-Tables based firewalls please see <ulink url="man:/iptables">man iptables</ulink>. </para> </sect1> </article> diff --git a/kcm/strings.cpp b/kcm/strings.cpp index 87e32a9..1d30db2 100644 --- a/kcm/strings.cpp +++ b/kcm/strings.cpp @@ -69,8 +69,8 @@ QString loggingInformation() { return i18n("<p>Per rule logging.</ul>" "<li><i><b>None</b></i> no logging is performed when a packet matches a rule.</li>" - "<li><i><b>New</b></i> will log all new connections matching a rule.</li>" - "<li><i><b>All</b></i> will log all packets matching a rule.</li>" + "<li><i><b>New connections</b></i> will log all new connections matching a rule.</li>" + "<li><i><b>All packets</b></i> will log all packets matching a rule.</li>" "</ul></p>"); }
