Red Hat Linux provides firewall protection for increased system security. A firewall sits between your computer and your network and determines which remote users on your network have access to the resources on your computer. A properly configured firewall can greatly increase your system's security.
Choose the appropriate level of security for your system.
High
If you choose "Advanced", your system will not accept connections that you have not explicitly specified (apart from the default settings). Only the following connections are allowed by default:
1. DNS responses
2. DHCP - any network interface that uses DHCP can be configured accordingly.
If you choose "Advanced", your firewall will not allow the following connections:
1. Active-mode FTP (passive-mode FTP, used by default in most clients, should still function correctly)
2. IRC DCC file transfers
3. RealAudio
4. Remote X Window System clients
If you want to connect the system to the Internet but do not intend to run a server, this is the safest choice. If additional services are required, you can choose "Custom" to specify the services that are allowed through the firewall.
Note: If you select an "Intermediate" or "Advanced" firewall during installation, the network authentication methods (NIS and LDAP) will not work.
Intermediate
If you choose "Intermediate", your firewall will not allow remote machines to access certain resources on your system. Access to the following resources is not allowed by default:
1. Ports below 1023 - these are the standard reserved ports, primarily used by system services such as FTP, SSH, Telnet, HTTP, and NIS.
2. NFS server port (2049) - NFS is disabled for both remote servers and local clients.
3. The local X Window System display for remote X clients.
4. X Font Server port (by default, xfs does not listen on the network; it is disabled in the font server).
If you want to allow access to resources such as RealAudio, but still want to block access to common system services, select "Intermediate". You can choose "Custom" to allow specific services to pass through the firewall.
Note: If you select an "Intermediate" or "Advanced" firewall during installation, the network authentication methods (NIS and LDAP) will not work.
No Firewall
"No Firewall" gives complete access to your system and performs no security checking. Security checking here means disabling access to certain services. It is recommended that you select this only if you are running on a trusted network (not the Internet), or if you plan to do a detailed firewall configuration later.
Select "Customize" to add trusted devices or to allow other access interfaces.
Trusted Devices
Selecting a trusted device allows your system to accept all traffic from that device; the traffic is not restricted by firewall rules. For example, if you are running a local area network but are connected to the Internet via a PPP dial-up connection, you can choose "eth0", and all traffic from your local area network will be allowed. Selecting "eth0" as trusted means that all traffic over the Ethernet is allowed, but the ppp0 interface still has firewall restrictions. If you want to limit traffic on an interface, do not select it.
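The levels and the trusted-device behaviour described above can be written down as packet-filter rules. The following is an added example, not the installer's own output: a shell function (the name gen_rules is hypothetical) that prints an iptables-restore ruleset approximating each level. The X display ports (6000-6009), the xfs port (7100) and keeping the DNS/DHCP defaults for "Intermediate" are assumptions of this example.

```shell
# Added example: print an iptables-restore ruleset approximating one level.
# Usage: gen_rules high|intermediate|none [TRUSTED_IFACE...]
gen_rules() {
    level=$1
    case $level in
        high|intermediate|none) shift ;;
        *) echo "unknown level: $level" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    if [ "$level" != none ]; then
        echo "-A INPUT -i lo -j ACCEPT"
        # Trusted devices are accepted before any restriction is evaluated,
        # so eth0 can be open while ppp0 stays filtered.
        for ifc in "$@"; do
            echo "-A INPUT -i $ifc -j ACCEPT"
        done
        # Defaults: DNS responses and DHCP. These are stateless matches, so
        # any UDP packet with source port 53 passes (assumption: the same
        # defaults are kept for "Intermediate" so DHCP clients still work).
        echo "-A INPUT -p udp --sport 53 -j ACCEPT"
        echo "-A INPUT -p udp --sport 67:68 --dport 67:68 -j ACCEPT"
    fi
    case $level in
    high)
        # Refuse every new inbound TCP connection and all other UDP. This is
        # why active-mode FTP, DCC and remote X clients fail: each needs the
        # remote side to open a connection back to this host.
        echo "-A INPUT -p tcp --syn -j REJECT"
        echo "-A INPUT -p udp -j REJECT"
        ;;
    intermediate)
        # Reserved ports, NFS, X displays (assumed 6000-6009), xfs (assumed 7100)
        echo "-A INPUT -p tcp --syn --dport 0:1023 -j REJECT"
        echo "-A INPUT -p udp --dport 0:1023 -j REJECT"
        echo "-A INPUT -p tcp --syn --dport 2049 -j REJECT"
        echo "-A INPUT -p udp --dport 2049 -j REJECT"
        echo "-A INPUT -p tcp --syn --dport 6000:6009 -j REJECT"
        echo "-A INPUT -p tcp --syn --dport 7100 -j REJECT"
        ;;
    esac
    echo "COMMIT"
}
```

Running gen_rules high eth0 reproduces the LAN-plus-dial-up case from the text: the eth0 accept rule precedes the rejects, and ppp0 falls through to them.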