
Firewall Configuration

Red Hat Linux also offers you firewall protection for
enhanced system security. A firewall sits between your
computer and the network, and determines which resources
on your computer remote users on the network are able to
access. A properly configured firewall can greatly
increase the out-of-the-box security of your system.

Choose the appropriate security level for your system.

High Security -- By choosing High Security, your system
will not accept connections that are not explicitly
defined by you. By default, only the following
connections are allowed:

     * DNS replies
     * DHCP -- so any network interfaces that use
       DHCP can be properly configured.

Choosing High Security will not allow the following:

     * Active mode FTP (Passive mode FTP, used by
       default in most clients, should work fine.)
     * IRC DCC file transfers
     * RealAudio(tm)
     * Remote X Window System clients

If you are connecting your system to the Internet,
but do not plan to run a server, this is the
safest choice. If additional services are needed,
you can choose Customize to allow specific
services through the firewall.

Medium Security -- Choosing Medium Security will
not allow remote systems to have access to certain
resources on your system. By default, access to the
following resources is not allowed:

     * ports lower than 1023 -- these are the
       standard reserved ports, used by most system
       services, such as FTP, SSH, telnet, and HTTP.
     * NFS server port (2049)
     * the local X Window System display for remote X
       clients
     * the X Font server port (This is disabled by
       default in the font server.)

If you want to allow resources such as
RealAudio(tm), while still blocking access to
normal system services, choose Medium Security.
You can choose Customize to allow specific
services through the firewall.

No Firewall -- No Firewall allows complete access
and does no security checking. It is recommended
that this only be selected if you are running on a
trusted network (not the Internet), or if you plan
to do more detailed firewall configuration later.

Choose Customize to add trusted devices or to
allow additional incoming interfaces.
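
The three levels above, modeled as a simplified inbound-packet filter to show why Active mode FTP and RealAudio(tm) fail under High Security but pass under Medium Security. This is an added example, not Red Hat's code or the rules the installer writes; the X display ports (6000-6009), the X font server port (7100), the DNS and DHCP port numbers, and the sample traffic are assumptions not given on this page.

```python
from dataclasses import dataclass

X11_PORTS = range(6000, 6010)   # assumption: conventional X display ports
XFS_PORT = 7100                 # assumption: conventional X font server port
NFS_PORT = 2049                 # from the page

@dataclass(frozen=True)
class Inbound:
    proto: str         # "tcp" or "udp"
    dport: int         # destination port on the local machine
    sport: int = 0     # source port on the remote machine
    new: bool = True   # False for TCP packets answering a connection we opened

def decide(level, pkt, allowed=frozenset()):
    """Return "accept" or "deny" for an inbound packet under the given level."""
    if level == "none" or (pkt.proto, pkt.dport) in allowed:
        return "accept"            # no checking, or opened through Customize
    if pkt.proto == "tcp" and not pkt.new:
        return "accept"            # reply traffic for an outbound connection
    if level == "high":
        dns_reply = pkt.proto == "udp" and pkt.sport == 53
        dhcp = pkt.proto == "udp" and pkt.sport == 67 and pkt.dport == 68
        return "accept" if dns_reply or dhcp else "deny"
    if level == "medium":
        blocked = (pkt.dport < 1023 or pkt.dport == NFS_PORT
                   or pkt.dport in X11_PORTS or pkt.dport == XFS_PORT)
        return "deny" if blocked else "accept"
    raise ValueError(f"unknown level: {level}")

# Constructed sample traffic (not captured from a real system).
SAMPLES = {
    "active FTP data": Inbound("tcp", dport=40000, sport=20),
    "passive FTP data": Inbound("tcp", dport=40001, sport=50000, new=False),
    "inbound SSH": Inbound("tcp", dport=22, sport=51000),
    "UDP media stream": Inbound("udp", dport=6970, sport=6970),
    "DNS reply": Inbound("udp", dport=33000, sport=53),
}

def report():
    return {name: {lvl: decide(lvl, p) for lvl in ("high", "medium", "none")}
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:18} {row}")
```

In Active mode FTP the server opens the data connection back to the client, so it arrives as a new inbound connection on a high port: denied under High Security, accepted under Medium Security.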
