Linux Firewall Configuration Basics


Red Hat Linux provides firewall protection to increase system security. A firewall sits between your computer and the network and determines which resources on your computer remote users on the network can access. A properly configured firewall can greatly increase the security of your system.



Select the security level appropriate for your system.

"Advanced"

If you choose "Advanced", your system will not accept any connection other than those you explicitly specify (in addition to the defaults). Only the following connections are allowed by default:

DNS replies

DHCP - so that any network interface that uses DHCP can be configured accordingly.

If you choose "Advanced", your firewall will not allow the following connections:

1. Active-mode FTP (passive mode, the default in most clients, should still function properly)

2. IRC DCC file transfers

3. RealAudio

4. Remote X Window System clients

If you are connecting the system to the Internet but do not intend to run a server, this is the safest choice. If you need additional services, you can choose "Custom" to specify which services are allowed through the firewall.

Note: If you choose the intermediate or advanced firewall during installation, network authentication methods (NIS and LDAP) will not work.

"Intermediate"

If you choose "Intermediate", your firewall will not allow remote machines to access certain resources on your system. Access to the following resources is not allowed by default:

1. Ports lower than 1023 - the standard reserved ports, used mainly by system services such as FTP, SSH, telnet, HTTP and NIS.

2. The NFS server port (2049) - NFS is disabled for both remote servers and local clients.

3. The local X Window System display, for remote X client machines.

4. The X Font Server port (xfs does not listen on the network; it is disabled in the font server by default).

Select "Intermediate" if you want to permit access to resources such as RealAudio while still blocking access to common system services. You can choose "Custom" to allow specific services through the firewall.

Note: If you choose the intermediate or advanced firewall during installation, network authentication methods (NIS and LDAP) will not work.

"No firewall"

With no firewall, full access is granted and no security checks are performed; a security check here means disabling access to certain services. I suggest you choose this only if you are running on a trusted network (not the Internet), or if you plan to do a more detailed firewall configuration later.

Select "Custom" to add trusted devices or to allow additional access.

"Trusted devices"

Selecting any device as a "trusted device" allows your system to accept all traffic from that device; it is not subject to the firewall rules. For example, if you are running a local area network but connect to the Internet through a PPP dial-up connection, you can select "eth0" and all traffic from your LAN will be allowed. Selecting "eth0" as trusted means that all traffic on the Ethernet is allowed in, while the ppp0 interface is still subject to the firewall restrictions. If you want to restrict traffic on an interface, do not select it.

It is recommended that you do not mark devices connected to public networks such as the Internet as "trusted devices".

"Allow access"

Enabling these options allows the specified services to pass through the firewall. Note: in a workstation-type installation, most of these services are not installed on the system.

"DHCP"

If you allow incoming DHCP queries and responses, any network interface that uses DHCP can determine its IP address. DHCP is usually enabled. If DHCP is not enabled, your computer will not be able to obtain an IP address.

"SSH"

Secure SHell (SSH) is a set of tools for logging in to a remote machine and executing commands on it. If you plan to use SSH tools to access your machine through the firewall, enable this option. You need to have the openssh-server package installed to access your machine remotely with the SSH tools.

"Telnet"

Telnet is a protocol for logging in to remote machines. Telnet communications are not encrypted and provide almost no protection against snooping from the network. I suggest you do not allow Telnet access. If you do want to allow Telnet access, you need to install the telnet-server package.

"WWW (HTTP)"

The HTTP protocol is used by Apache (and other web servers) to serve web pages. If you intend to make your web server publicly available, enable this option. You do not need to enable this option to view local web pages or to browse the web. If you plan to serve web pages, you need to install the httpd package.

Enabling "WWW (HTTP)" does not open a port for HTTPS. To enable HTTPS, specify it in the "Other ports" field.

"Mail (SMTP)"

Enable this option if you need to allow remote hosts to connect directly to your machine to deliver mail. Do not enable it if you collect your mail from your ISP's server with POP3 or IMAP, or if you use a tool such as fetchmail. Note that an incorrectly configured SMTP server can allow remote machines to use your server to send spam.

"FTP"

The FTP protocol is used to transfer files between machines on a network. If you intend to make your FTP server publicly available, enable this option. You need to install the vsftpd package to make use of this option.

"Other ports"

You can allow access to other ports not listed here by listing them in the "Other ports" field. The format is port:protocol. For example, to allow IMAP through your firewall, specify imap:tcp. You can also specify port numbers: to allow UDP packets on port 1234 through the firewall, enter 1234:udp. To specify multiple ports, separate them with commas.
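The following Python script is an added illustration of how the choices described above (security level, trusted devices, the "Allow access" services and the port:protocol entries of the "Other ports" field) translate into an ordered set of packet-filter rules. It is not Red Hat's own tool and does not reproduce the exact ruleset redhat-config-securitylevel writes; the port numbers for the named services, the 6000-6009 range for the X display and 7100 for xfs are assumptions, since the page does not list them. The point it makes is the ordering: trusted interfaces and explicitly allowed ports must be accepted before the level's blanket reject rules, and a malformed "Other ports" entry is rejected rather than silently ignored.

```python
"""Translate installer firewall choices into iptables commands (added example)."""
import socket

# "Allow access" checkboxes -> (port, protocol), from the well-known
# assignments. DHCP: 67 is the server side, 68 the client side.
SERVICES = {
    "DHCP": [(67, "udp"), (68, "udp")],
    "SSH": [(22, "tcp")],
    "Telnet": [(23, "tcp")],
    "WWW (HTTP)": [(80, "tcp")],
    "Mail (SMTP)": [(25, "tcp")],
    "FTP": [(21, "tcp")],
}

# Small constructed name table so the example runs without /etc/services;
# names not listed here fall back to the system services database.
SERVICE_NAMES = {"imap": 143, "https": 443, "pop3": 110, "ldap": 389}

# Port ranges the "Intermediate" level rejects by default. The X display
# range and the xfs port are assumed values, not taken from the page.
INTERMEDIATE_BLOCKS = ["1:1023", "2049", "6000:6009", "7100"]


def parse_other_ports(field):
    """Parse the 'Other ports' field: comma-separated port:protocol entries.

    The port may be a number or a service name (e.g. 'imap:tcp' -> 143).
    Raises ValueError on a malformed entry so a typo cannot open the wrong
    port or quietly fail to open the intended one.
    """
    rules = []
    for entry in field.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if ":" not in entry:
            raise ValueError(f"missing protocol in {entry!r}")
        port, proto = entry.rsplit(":", 1)
        port, proto = port.strip().lower(), proto.strip().lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol in {entry!r}")
        if port.isdigit():
            number = int(port)
        elif port in SERVICE_NAMES:
            number = SERVICE_NAMES[port]
        else:
            try:
                number = socket.getservbyname(port, proto)
            except OSError:
                raise ValueError(f"unknown service name in {entry!r}") from None
        if not 1 <= number <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        rules.append((number, proto))
    return rules


def is_valid_other_ports(field):
    """True if every entry in the field parses; handy for validating input."""
    try:
        parse_other_ports(field)
    except ValueError:
        return False
    return True


def build_rules(level, trusted=(), allowed=(), other_ports=""):
    """Return iptables commands implementing the chosen security level."""
    if level == "No firewall":
        return ["iptables -P INPUT ACCEPT"]  # no checks at all
    if level == "Advanced":
        rules, blocks = ["iptables -P INPUT DROP"], []  # default deny
    elif level == "Intermediate":
        rules, blocks = ["iptables -P INPUT ACCEPT"], INTERMEDIATE_BLOCKS
    else:
        raise ValueError(f"unknown security level {level!r}")
    rules += [
        "iptables -A INPUT -i lo -j ACCEPT",
        # Replies to our own requests (DNS answers and the like) match here.
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    # Trusted devices bypass every rule that follows.
    for dev in trusted:
        rules.append(f"iptables -A INPUT -i {dev} -j ACCEPT")
    accepts = list(SERVICES["DHCP"])  # DHCP is allowed by default
    for name in allowed:
        if name not in SERVICES:
            raise ValueError(f"unknown service {name!r}")
        if name != "DHCP":
            accepts += SERVICES[name]
    accepts += parse_other_ports(other_ports)
    for port, proto in accepts:
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j ACCEPT")
    # Blanket rejects come last, after every explicit accept.
    for span in blocks:
        for proto in ("tcp", "udp"):
            rules.append(f"iptables -A INPUT -p {proto} --dport {span} -j REJECT")
    return rules


if __name__ == "__main__":
    for line in build_rules("Advanced", trusted=["eth0"], allowed=["SSH"],
                            other_ports="imap:tcp, 1234:udp"):
        print(line)
```

Run as a script it prints the ruleset for the example from the text: a LAN on eth0 treated as trusted, a dial-up link that only admits SSH, IMAP and UDP 1234, with every other inbound connection dropped. Compare the output with `build_rules("Intermediate", ...)` to see how the level only changes the default policy and the trailing reject rules, not the accept rules in front of them.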

Tip: To change the security level of your configuration after installation, use the Security Level Configuration Tool. At a shell prompt, type the command redhat-config-securitylevel to start it. If you are not the root user, you will be prompted for the root password before continuing.