Using Firewall Genie
Setting up a firewall need not be a daunting experience for the casual user. For most uses you can simply click the Use Defaults button, which will block all incoming connections to your computer while allowing outgoing connections for web browsing, email, chat, and so forth. The firewall is a bash script that uses netfilter/iptables to secure your computer. After the firewall is configured, the script will be located at /etc/rc.d/rc.firewall if you would like to take a look at it. If you are installing the firewall for the first time, your rc.local script will be modified to start the firewall when your computer is started. Your original rc.local file will be saved as rc.local.old.
Custom firewall settings
Custom settings come into play when you need to allow computers to connect to your machine for a valid reason, such as sharing files or running multi-player games. The upper section of the firewall setup dialog contains a few common service ports used in Linux. Checking one or more of these will allow any computer access to your machine through that port.
The lower section of the firewall setup dialog contains an entry box, labeled 'Specify Ports and/or Computers', where you may define which computer(s) may access which port(s). Entering the settings is a little more complicated, but still easy to do.
To allow any computer access to a port or range of ports use this format:
<port or port-range>[<protocol>]
Example entry: 901
This will open up port 901 for both TCP and UDP, to ANY computer.
Example entry: 901/tcp 92
This will open up port 901 for TCP, and port 92 for both TCP and UDP, to ANY computer.
To restrict access to specific computers, use the format:
<host or network address>[<netmask>]:<port or port-range>[<protocol>]
Example entry: 192.168.0.0/16:80/tcp
This will allow web traffic (port 80 TCP) from 192.168.*.* (all computers on a local area network).
Entries can be combined onto a single line, with each entry separated by a single space.
Example entry: 192.168.0.0/16:80/tcp 901/tcp 4100
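As an added example (not part of Firewall Genie or its rc.firewall script), the shell functions below expand entries in the format above into the iptables rules they would roughly correspond to, and list which entries are open to ANY computer. The INPUT chain, the ACCEPT target and the function names are assumptions; only single ports are handled, and the rules are printed, not applied.

```shell
# Added example: review a 'Specify Ports and/or Computers' line before saving.
# Assumption: each entry becomes an ACCEPT rule on the INPUT chain; the real
# rc.firewall may use different chains or options. Rules are only printed.

entry_to_rules() {
    local entry src portspec port proto protos p
    entry=$1; src=""; proto=""
    # A ':' separates an optional source host/network from the port part.
    case $entry in
        *:*) src=${entry%%:*}; portspec=${entry#*:} ;;
        *)   portspec=$entry ;;
    esac
    # A '/' after the port names the protocol.
    case $portspec in
        */*) port=${portspec%%/*}; proto=${portspec#*/} ;;
        *)   port=$portspec ;;
    esac
    # Single numeric ports only (port ranges are not handled in this example).
    case $port in
        ''|*[!0-9]*) echo "invalid port in entry: $entry" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range in entry: $entry" >&2; return 1
    fi
    # No protocol given means the port is opened for both TCP and UDP.
    case $proto in
        "")      protos="tcp udp" ;;
        tcp|udp) protos=$proto ;;
        *)       echo "invalid protocol in entry: $entry" >&2; return 1 ;;
    esac
    for p in $protos; do
        echo "iptables -A INPUT -p $p${src:+ -s $src} --dport $port -j ACCEPT"
    done
}

# Print only the entries that carry no host/network restriction.
open_to_any() {
    local e
    for e in $1; do
        case $e in *:*) ;; *) echo "$e" ;; esac
    done
}

# The combined example line from the text above.
line="192.168.0.0/16:80/tcp 901/tcp 4100"
for e in $line; do entry_to_rules "$e"; done
echo "Open to ANY computer: $(open_to_any "$line" | tr '\n' ' ')"
```

For the combined example line, only the port 80 rule carries a source restriction; 901/tcp and 4100 are reachable from any computer.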
More advanced options are available
There are other settings that can be made to the firewall, but you will have to edit the rc.firewall script by hand in a text editor. The script contains additional information for settings that are not included in Firewall Genie. NOTE WELL: If you have edited rc.firewall by hand and then re-run Firewall Genie, your hand-made changes will not be preserved in the new firewall configuration if you choose to Save the new settings. Your existing rc.firewall will be saved as rc.firewall.old. If you already have an rc.firewall.old file, it will be overwritten.