Red Hat Linux 7.2: The Official Red Hat Linux x86 Installation Guide
Chapter 3. Installing Red Hat Linux
Red Hat Linux offers firewall protection for enhanced system
security. A firewall exists between your computer and the network, and
determines which resources on your computer remote users on the network
can access. A properly configured firewall can greatly increase the
security of your system.
Choose the appropriate security level for your system.
- High
If you choose High, your system will not accept connections (other than the default settings) that are not explicitly defined by you. By default, only the following connections are allowed:
If you choose High, your firewall will not allow the following:
  - Active mode FTP (passive mode FTP, used by default in most clients, should still work)
  - IRC DCC file transfers
  - RealAudio™
  - Remote X Window System clients
If you are connecting your system to the Internet, but do not plan to run a server, this is the safest choice. If additional services are needed, you can choose Customize to allow specific services through the firewall.
- Medium
If you choose Medium, your firewall will not allow remote machines to have access to certain resources on your system. By default, access to the following resources is not allowed:
  - Ports lower than 1023, the standard reserved ports, used by most system services, such as FTP, SSH, telnet, and HTTP
  - The NFS server port (2049)
  - The local X Window System display for remote X clients
  - The X Font server port (by default, xfs does not listen on the network; it is disabled in the font server)
If you want to allow resources such as RealAudio™, while still blocking access to normal system services, choose Medium. Select Customize to allow specific services through the firewall.
- No Firewall
No firewall provides complete access to your system and does no
security checking. Security checking is the disabling of access to
certain services. This should only be selected if you are running
on a trusted network (not the Internet) or plan to do more
firewall configuration later.
Choose Customize to add trusted devices or to allow
additional incoming services.
- Trusted Devices
Selecting any of the Trusted Devices allows
access to your system for all traffic from that device; it is
excluded from the firewall rules. For example, if you are running
a local network, but are connected to the Internet via a PPP
dialup, you can check eth0 and any traffic
coming from your local network will be allowed. Selecting
eth0 as trusted means all traffic over the
Ethernet is allowed, but the ppp0 interface is still
firewalled. If you want to restrict traffic on an interface, leave
it unchecked.
It is not recommended that you make any device that is connected
to public networks, such as the Internet, a Trusted
Device.
- Allow Incoming
Enabling these options allows the specified services to pass
through the firewall. Note, during a workstation
installation, the majority of these services are
not installed on the system.
- DHCP
If you allow incoming DHCP queries and replies, you allow
any network interface that uses DHCP to determine its IP
address. DHCP is normally enabled. If DHCP is not enabled,
your computer can no longer get an IP address.
- SSH
Secure SHell (SSH)
is a suite of tools for logging into and executing commands
on a remote machine. If you plan to use SSH tools to access
your machine through a firewall, enable this option. You
need to have the openssh-server package
installed in order to access your machine remotely, using
SSH tools.
- Telnet
Telnet is a protocol for logging into remote
machines. Telnet communications are unencrypted, and provide
no security from network snooping. Allowing incoming Telnet
access is not recommended. If you do want to allow inbound
Telnet access, you will need to install the
telnet-server package.
- WWW (HTTP)
The HTTP protocol is used by Apache (and by other Web
servers) to serve Web pages. If you plan on making your Web
server publicly available, enable this option. This option
is not required for viewing pages locally or for developing
Web pages. You will need to install the
apache package if you want to serve Web
pages.
- Mail (SMTP)
If you want to allow incoming mail delivery through your
firewall, so that remote hosts can connect directly to your
machine to deliver mail, enable this option. You do not need
to enable this if you collect your mail from your ISP's
server using POP3 or IMAP, or if you use a tool such as
fetchmail. Note that an
improperly configured SMTP server can allow remote machines
to use your server to send spam.
- FTP
The FTP protocol is used to transfer files between machines
on a network. If you plan on making your FTP server publicly
available, enable this option. You need to install the
wu-ftpd (and possibly the
anonftp) package for this option to be
useful.
- Other ports
You can allow access to ports which are not listed here by
listing them in the Other ports field. Use
the following format: port:protocol.
For example, if you want to allow IMAP access through your
firewall, you can specify
imap:tcp. You can also explicitly
specify numeric ports; to allow UDP packets on port 1234
through the firewall, enter 1234:udp.
To specify multiple ports, separate them with commas.
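The following is an added example (not the installer's own code) that models the High and Medium levels, Trusted Devices, Allow Incoming and the Other ports field as described above, and parses the port:protocol format. It assumes well-known port numbers for the Allow Incoming services and for the X display (6000-6009) and xfs (7100), which the text names but does not number; it does not model the stateful cases (active FTP, IRC DCC) that High also refuses.

```python
"""Decide whether an inbound packet would be accepted under a given installer
firewall level (added example; not the Red Hat installer's code)."""
import socket

# Port/protocol each "Allow Incoming" checkbox opens (well-known assignments).
INCOMING = {"dhcp": {(67, "udp"), (68, "udp")}, "ssh": {(22, "tcp")},
            "telnet": {(23, "tcp")}, "www": {(80, "tcp")},
            "smtp": {(25, "tcp")}, "ftp": {(21, "tcp")}}
X_DISPLAY_PORTS = range(6000, 6010)   # assumed: X display :0-:9
XFS_PORT = 7100                       # assumed: X Font server
NFS_PORT = 2049                       # from the text
# Constructed fallback used when /etc/services is not available on the host.
FALLBACK_SERVICES = {"imap": 143, "pop3": 110, "https": 443}


def parse_other_ports(spec):
    """Parse the 'Other ports' field: comma-separated port:protocol entries,
    where port is a number or a service name, e.g. 'imap:tcp,1234:udp'."""
    result = set()
    for entry in filter(None, (e.strip() for e in spec.split(","))):
        name, sep, proto = entry.partition(":")
        proto = proto.lower()
        if not sep or proto not in ("tcp", "udp"):
            raise ValueError("expected port:tcp or port:udp, got %r" % entry)
        if name.isdigit():
            port = int(name)
        else:
            try:
                port = socket.getservbyname(name, proto)   # /etc/services lookup
            except OSError:
                port = FALLBACK_SERVICES[name]   # KeyError for unknown names
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % entry)
        result.add((port, proto))
    return result


def is_allowed(level, iface, proto, dport, trusted=(), incoming=(), other=""):
    """True if an inbound packet to dport/proto arriving on iface is accepted."""
    if level == "none" or iface in trusted:   # trusted device bypasses all rules
        return True
    opened = set().union(*(INCOMING[s] for s in incoming)) | parse_other_ports(other)
    if (dport, proto) in opened:              # explicitly allowed service
        return True
    if level == "high":                       # everything else is refused
        return False
    if level == "medium":                     # reserved ports, NFS and X refused
        return not (dport <= 1023 or dport == NFS_PORT or dport == XFS_PORT
                    or dport in X_DISPLAY_PORTS)
    raise ValueError("unknown level %r" % level)
```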