Red Hat Linux provides firewall protection to increase system security. A firewall sits between your computer and the network and determines which resources on your computer are reachable by remote users on the network. A correctly configured firewall can greatly increase your system's security.
Select the appropriate security level for your system.
「 Advanced 」
If you select "Advanced", your system will not accept any connection that you have not explicitly specified, apart from the defaults. Only the following connections are allowed by default:
DNS replies
DHCP, so that any network interface that uses DHCP can still be configured.
If you select "Advanced", your firewall will not allow the following connections:
1. Active-mode FTP (passive-mode FTP, which most clients use by default, should still work).
2. IRC DCC file transfers
3. RealAudio
4. Remote X Window System clients
If you want to connect your system to the Internet but do not plan to run any servers, this is the safest choice. If you need additional services, select "Custom" to specify the services allowed through the firewall.
Note: If you choose to set up an Intermediate or Advanced firewall during installation, the network authentication methods NIS and LDAP will not work.
「 Intermediate 」
If you select "Intermediate", your firewall will not allow remote machines to access certain resources on your system. Access to the following resources is blocked by default:
1. Ports below 1024 (the reserved, privileged ports, which are used by most system services such as FTP, SSH, telnet, HTTP, and NIS).
2. The NFS server port (2049). NFS is disabled for both remote servers and local clients.
3. The local X Window System display, for remote X clients.
4. The X Font Server port (xfs does not listen on the network; listening is disabled by default in the font server).
If you want to allow access to resources such as RealAudio but still block access to common system services, select "Intermediate". You can select "Custom" to allow specific services through the firewall.
Note: If you choose to set up an Intermediate or Advanced firewall during installation, the network authentication methods NIS and LDAP will not work.
「 No firewall 」
Choosing no firewall gives full access and performs no security checking (security checking here means blocking access to certain services). We recommend this option only if you are on a trusted network that is not the Internet, or if you plan to do a detailed firewall configuration later.
Select "Custom" to add trusted devices or to allow additional incoming services.
「 Trusted devices 」
Marking a device as trusted allows your system to accept all traffic from that device; it is not subject to the firewall rules at all. For example, if you run a local network but connect to the Internet through a PPP dial-up connection, you can mark eth0 as trusted and all traffic from your local network will be allowed. Marking eth0 as trusted means all traffic on the Ethernet is allowed, while the ppp0 interface is still firewalled. If you want to restrict traffic on an interface, do not select it.
We recommend that you do not mark devices connected to public networks, such as the Internet, as trusted devices.
「 Allow access 」
Enabling these options allows the listed services through the firewall. Note: in a Workstation installation, most of these services are not installed on the system.
「 DHCP 」
If you allow DHCP queries and replies, any network interface that uses DHCP can determine its IP address. DHCP is usually enabled; if it is not, an interface configured for DHCP cannot obtain an IP address.
「 SSH 」
Secure SHell (SSH) is a set of tools for logging in to and executing commands on remote machines. Enable this option if you plan to use SSH tools to access your machine through the firewall. The openssh-server package must be installed before your machine can be reached with SSH.
「 Telnet 」
Telnet is a protocol for logging in to remote machines. Telnet communication is not encrypted and offers almost no protection against network snooping. We recommend that you do not allow Telnet access. If you do want to allow it, install the telnet-server package.
「 WWW (HTTP) 」
HTTP is the protocol Apache and other web servers use to serve web pages. Enable this option if you plan to make your web server publicly available. You do not need to enable it to view pages locally or to develop web pages. To serve web pages you need the httpd package.
Enabling "WWW (HTTP)" does not open a port for HTTPS. To allow HTTPS, enter it in the "Other ports" field (for example, https:tcp).
「 Mail (SMTP) 」
Enable this option if you want to allow remote hosts to connect directly to your machine to deliver mail. Do not enable it if you collect mail from your ISP's server via POP3 or IMAP, or use a tool such as fetchmail. Note that an improperly configured SMTP server can let remote machines use your server to send spam.
「 FTP 」
The FTP protocol is used to transfer files between machines on a network. Enable this option if you plan to make your FTP server publicly available. The vsftpd package must be installed for this option to be useful.
「 Other ports 」
You can allow access to other ports not listed here by entering them in the "Other ports" field. The format is port:protocol. For example, to allow IMAP through your firewall, specify imap:tcp. You can also give a numeric port: to allow UDP packets through on port 1234, enter 1234:udp. To specify multiple ports, separate them with commas.
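As an added example (not part of the original guide, and not the code of redhat-config-securitylevel itself), the following shell script shows what the Custom settings above amount to as iptables rules: each trusted device becomes an interface-level ACCEPT, each port:protocol entry from the "Other ports" field becomes a per-port ACCEPT, and everything else is rejected. The chain name RH-Firewall-1-INPUT and the small service-name table are assumptions made for this example; the real tool resolves service names through /etc/services. The script only prints the commands, so it can be inspected before being run as root.

```shell
#!/bin/sh
# Added example: turn "trusted devices" and "other ports" settings into
# iptables commands. Prints the commands instead of applying them.

# Resolve a service name or numeric port from the "other ports" field.
# This is a constructed subset of /etc/services so the script runs offline
# (assumption: the real tool consults /etc/services instead).
service_port() {
    case "$1" in
        imap)           echo 143 ;;
        imaps)          echo 993 ;;
        https)          echo 443 ;;
        ssh)            echo 22 ;;
        '' | *[!0-9]*)  return 1 ;;   # empty or not purely numeric
        *)              echo "$1" ;;  # already a port number
    esac
}

# gen_rules TRUSTED_IFACES OTHER_PORTS
#   TRUSTED_IFACES: space-separated interfaces to trust fully, e.g. "eth0"
#   OTHER_PORTS:    comma-separated port:protocol entries, e.g. "imap:tcp,1234:udp"
# Returns 1 (after a message on stderr) if an entry is malformed.
gen_rules() {
    trusted=$1
    other=$(printf '%s' "$2" | tr -d ' ')   # tolerate "imap:tcp, 1234:udp"
    chain=RH-Firewall-1-INPUT               # example chain name (assumption)

    echo "iptables -N $chain"
    echo "iptables -A INPUT -j $chain"
    # Loopback and replies to connections the host opened are always allowed;
    # this is what keeps DNS replies and outbound sessions working.
    echo "iptables -A $chain -i lo -j ACCEPT"
    echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # A trusted device bypasses every rule below, so never list a public-facing
    # interface such as ppp0 here.
    for dev in $trusted; do
        echo "iptables -A $chain -i $dev -j ACCEPT"
    done

    # Split the comma-separated list without touching IFS for the rest of the script.
    old_ifs=$IFS
    IFS=,
    set -- $other
    IFS=$old_ifs
    for entry in "$@"; do
        name=${entry%%:*}
        proto=${entry#*:}
        if [ "$name" = "$entry" ] || [ -z "$name" ]; then
            echo "rejecting '$entry': expected port:protocol" >&2
            return 1
        fi
        case "$proto" in
            tcp|udp) ;;
            *) echo "rejecting '$entry': protocol must be tcp or udp" >&2; return 1 ;;
        esac
        port=$(service_port "$name") || {
            echo "rejecting '$entry': unknown service" >&2
            return 1
        }
        echo "iptables -A $chain -p $proto --dport $port -j ACCEPT"
    done

    # Default deny: anything not matched above is refused.
    echo "iptables -A $chain -j REJECT --reject-with icmp-host-prohibited"
}

# Demo with constructed input: trust eth0 (the LAN side of a PPP dial-up box)
# and let IMAP over TCP and UDP port 1234 through.
gen_rules eth0 "imap:tcp,1234:udp"
```

Entries such as "imap" (no protocol) or "1234:icmp" are refused rather than silently opened, which is the behaviour you want from anything that writes firewall rules.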
Tip: To change your security level configuration after installation, use the Security Level Configuration tool. Type the redhat-config-securitylevel command at a shell prompt to start it. If you are not root, it will prompt you for the root password before continuing.