
Firewall Customization

Choose which trusted devices and incoming services
should be allowed for your network security settings.

Trusted Devices -- Checking a device here allows all
traffic coming from that device through the firewall.
For example, if you are running a local network, but
are connecting to the Internet via a PPP dialup, you
could check that eth0 is trusted to allow any traffic
coming from your local network.

It is not recommended to enable this for devices that
are connected to public networks, such as the Internet.

Allow Incoming -- Enabling these options allows the
specified services to pass through the firewall. Note
that during a workstation-class installation, the
majority of these services are not present on the system.

     * DHCP -- This allows DHCP queries and replies,
       and allows any network interfaces that use
       DHCP to determine their IP address. DHCP is
       normally enabled.
     * SSH -- Secure Shell (SSH) is a protocol for
       logging into and executing commands on remote
       machines. It provides secure encrypted
       communications. If you plan on accessing your
       machine remotely via SSH over a firewalled
       interface, enable this option. You need the
       openssh-server package installed for this
       option to be useful.
     * Telnet -- Telnet is a protocol for logging
       into remote machines. It is unencrypted, and
       provides little security from network snooping
       attacks. Enabling telnet is not recommended.
       You need the telnet-server package installed
       for this option to be useful.
     * WWW (HTTP) -- HTTP is the protocol used by
       Apache to serve Web pages. If you plan on
       making your Web server publicly available,
       enable this option. This option is not
       required for viewing pages locally or
       developing Web pages. You need the Apache
       package installed for this option to be
       useful.
     * Mail (SMTP) -- This allows incoming SMTP mail
       delivery. If you need to allow remote hosts to
       connect directly to your machine to deliver
       mail, enable this option. You do not need to
       enable this if you collect your mail from your
       ISP's server by POP3 or IMAP, or if you use a
       tool such as fetchmail. Note that an
       improperly configured SMTP server can allow
       remote machines to use your server to send
       spam.
     * FTP -- FTP is a protocol used for remote file
       transfer. If you plan on making your FTP
       server publicly available, enable this option.
       You need the wu-ftpd (and possibly anonftp)
       packages installed for this option to be
       useful.
     * Other ports -- You can specify that other
       ports not listed here be allowed through the
       firewall. The format to use is
       'port:protocol'. For example, if you want to
       allow IMAP access through your firewall, you
       can specify 'imap:tcp'. You can also specify
       numeric ports explicitly; to allow UDP packets
       on port 1234 through, specify '1234:udp'. To
       specify multiple ports, separate them by
       commas.
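
The 'port:protocol' list format described under "Other ports" can be checked before it is applied. The following is an added example, not code from the installer: the function name, the small SERVICES table and the sample input are assumptions made for illustration, and the Telnet warning reflects the advice given above.

```python
# Added example: validate an "Other ports" string of the form
# 'port:protocol[,port:protocol...]' before it is applied.
# SERVICES is a small constructed table; a real system would
# consult /etc/services instead.
SERVICES = {"ssh": 22, "telnet": 23, "smtp": 25, "http": 80, "imap": 143}
PROTOCOLS = {"tcp", "udp"}
# The page advises against Telnet because it is unencrypted.
DISCOURAGED = {(23, "tcp"): "telnet is unencrypted"}


def parse_other_ports(spec):
    """Return (rules, warnings, errors) for a comma-separated port list."""
    rules, warnings, errors = [], [], []
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate trailing commas and empty items
        port_s, sep, proto = entry.partition(":")
        proto = proto.strip().lower()
        port_s = port_s.strip()
        if not sep or proto not in PROTOCOLS:
            errors.append(f"{entry!r}: expected port:protocol with tcp or udp")
            continue
        if port_s.isdecimal() and len(port_s) <= 5:
            port = int(port_s)  # numeric port given explicitly
        else:
            port = SERVICES.get(port_s.lower())  # service name lookup
        if port is None or not 1 <= port <= 65535:
            errors.append(f"{entry!r}: unknown service or port out of range")
            continue
        rule = (port, proto)
        if rule in rules:
            continue  # drop duplicates such as 'imap:tcp,143:tcp'
        rules.append(rule)
        if rule in DISCOURAGED:
            warnings.append(f"{entry!r}: {DISCOURAGED[rule]}")
    return rules, warnings, errors


if __name__ == "__main__":
    # Constructed input: the page's two examples plus bad entries.
    sample = "imap:tcp, 1234:udp, 143:tcp, telnet:tcp, 70000:tcp, 53"
    allowed, warns, errs = parse_other_ports(sample)
    print("allow:", allowed)
    print("warn: ", warns)
    print("error:", errs)
```

Entries that fail validation are reported and left out of the rule list, so a typo never widens what the firewall accepts.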
