Linux firewall configuration
Red Hat Linux provides firewall protection to increase system security. A firewall sits between your computer and the network and determines which resources on your computer remote users on the network can reach. A properly configured firewall can greatly increase the security of your system.
Choose the appropriate security level for your system.
If you choose High, your system will not accept connections (other than the default settings) that you have not explicitly permitted. Only the following connection is allowed by default:
DHCP, so that any network interface that uses DHCP can still be configured.
If you choose High, your firewall will not allow the following:
1. Active-mode FTP (passive-mode FTP, which most clients use by default, should still work).
2. IRC DCC file transfers.
3. Remote X Window System clients.
If you are connecting your system to the Internet but do not plan to run a server, this is the safest choice. If you need additional services, choose Customize to specify which ones are allowed through the firewall.
Note: If you choose a Medium or High firewall during installation, network authentication methods (NIS and LDAP) will not work.
If you choose Medium, your firewall will not allow remote machines to reach certain resources on your system. Access to the following is not allowed by default:
1. Ports below 1024 (0 through 1023), the standard reserved ports, used mainly by system services such as FTP, SSH, telnet, HTTP and NIS.
2. The NFS server port (2049); NFS is blocked for remote servers and local clients alike.
3. The local X Window System display, so remote X clients cannot connect to it.
4. The X Font Server port (by default xfs does not listen on the network; the font server itself disables it).
If you want to allow resources such as RealAudio while still blocking access to the common system services, choose Medium. Choose Customize to allow specific services through the firewall.
No firewall gives complete access and does no security checking at all. Security checking here means refusing access to certain services. Select this only if you are running on a trusted network (not the Internet), or if you intend to do more detailed firewall configuration later.
Choose Customize to add trusted devices or to allow additional incoming services.
Selecting a device as a trusted device allows all traffic from that device into your system; it is not subject to the firewall rules. For example, if you run a local area network but connect to the Internet through a PPP dial-up, you can select eth0 and all traffic from your LAN will be allowed. Selecting eth0 as trusted means all traffic over the Ethernet is allowed, while the ppp0 interface is still firewalled. If you want to restrict traffic on an interface, do not select it.
Do not make a device that is connected to a public network such as the Internet a trusted device.
Allow incoming: enabling these options allows the specified services to pass through the firewall. Note that in a workstation-type installation most of these services are not installed on the system.
DHCP: if you allow incoming DHCP queries and replies, any network interface that uses DHCP can determine its IP address. DHCP is normally enabled. If it is not enabled, your computer will not be able to obtain an address from a DHCP server.
SSH: Secure Shell (SSH) is a suite of tools for logging into and executing commands on a remote machine. If you plan to use SSH tools to reach your machine through the firewall, enable this option. You need the openssh-server package installed to access your machine remotely with SSH tools.
Telnet: the Telnet protocol is used to log into remote machines. Telnet communications are not encrypted and provide almost no protection against network snooping, so allowing incoming Telnet access is not recommended; use SSH instead. If you do want to allow incoming Telnet, you need to install the telnet-server package.
WWW (HTTP): the HTTP protocol is used by Apache (and other web servers) to serve web pages. If you plan to make your web server publicly available, enable this option. You do not need it to view web pages locally or to develop web pages. To serve web pages you need to install the httpd package.
Enabling WWW (HTTP) does not open a port for HTTPS. To enable HTTPS, specify it in the Other ports field (for example https:tcp or 443:tcp).
Mail (SMTP): if you need remote hosts to connect directly to your machine to deliver mail, enable this option. If you collect mail from your ISP's POP3 or IMAP servers, or use a tool such as fetchmail, you do not need it. Note that an improperly configured SMTP server (an open relay) can allow remote machines to use your server to send spam.
FTP: the FTP protocol is used to transfer files between machines on a network. If you plan to make your FTP server publicly available, enable this option. You need to install the vsftpd package to make use of it.
Other ports: you can allow access to ports not listed above by entering them in the Other ports field, in the format port:protocol. For example, to allow IMAP through your firewall, specify imap:tcp. You can also give a numeric port: to allow UDP packets on port 1234 through the firewall, enter 1234:udp. To specify multiple ports, separate them with commas, for example imap:tcp,1234:udp.
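What the High and Medium levels, trusted devices, the Allow incoming choices and the Other ports field come down to in packet-filter terms is easier to see as a generated ruleset. The script below is an added example, not Red Hat's code and not what redhat-config-securitylevel itself writes; it assumes the iptables backend, a chain name of RH-Firewall-1-INPUT, X displays on TCP 6000 through 6009 and the X font server on TCP 7100. It emits an iptables-restore(8) ruleset on stdout so it can be reviewed before being loaded, and it validates every Other ports entry before letting it into a rule.

```shell
#!/bin/sh
# Added example (not Red Hat's own code): emit an iptables-restore ruleset
# approximating the High / Medium / No-firewall levels and the Customize
# options described above. Assumed: iptables backend, chain name
# RH-Firewall-1-INPUT, X displays on TCP 6000-6009, xfs on TCP 7100.

emit() { printf '%s\n' "$1"; }

# Validate one "port:protocol" entry from the Other ports field and print
# its ACCEPT rule. The field is user input that ends up inside a rule, so
# anything outside [A-Za-z0-9:_-] is refused rather than passed through.
other_port_rule() {
    entry=$1
    case $entry in
        *:*) ;;
        *) echo "other ports: '$entry' is not port:protocol" >&2; return 1 ;;
    esac
    case $entry in
        *[!A-Za-z0-9:_-]*) echo "other ports: illegal character in '$entry'" >&2; return 1 ;;
    esac
    port=${entry%%:*}
    proto=${entry#*:}
    case $proto in
        tcp|udp) ;;
        *) echo "other ports: protocol must be tcp or udp in '$entry'" >&2; return 1 ;;
    esac
    case $port in
        '') echo "other ports: missing port in '$entry'" >&2; return 1 ;;
        *[!0-9]*) ;;   # a service name such as imap; iptables resolves it via /etc/services
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "other ports: $port is out of range" >&2; return 1
           fi ;;
    esac
    emit "-A RH-Firewall-1-INPUT -p $proto --dport $port -j ACCEPT"
}

# gen_ruleset LEVEL TRUSTED SERVICES OTHER
#   LEVEL    high | medium | none
#   TRUSTED  space-separated trusted devices, e.g. "eth0"
#   SERVICES space-separated Allow incoming choices: dhcp ssh telnet http smtp ftp
#   OTHER    comma-separated Other ports entries, e.g. "imap:tcp,1234:udp"
gen_ruleset() {
    level=$1; trusted=$2; services=$3; other=$4
    case $level in
        high|medium|none) ;;
        *) echo "unknown security level: $level" >&2; return 1 ;;
    esac
    emit '*filter'
    emit ':INPUT ACCEPT [0:0]'
    emit ':FORWARD ACCEPT [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    if [ "$level" = none ]; then
        emit 'COMMIT'          # No firewall: complete access, no checking at all
        return 0
    fi
    emit ':RH-Firewall-1-INPUT - [0:0]'
    emit '-A INPUT -j RH-Firewall-1-INPUT'
    emit '-A FORWARD -j RH-Firewall-1-INPUT'
    emit '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
    for dev in $trusted; do    # a trusted device bypasses every rule below
        emit "-A RH-Firewall-1-INPUT -i $dev -j ACCEPT"
    done
    # Replies to connections this host opened. This is why passive FTP keeps
    # working while active FTP (the server connects back to the client) does not.
    emit '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for svc in $services; do
        case $svc in
            dhcp)   emit '-A RH-Firewall-1-INPUT -p udp --dport 68 -j ACCEPT' ;;
            ssh)    emit '-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT' ;;
            telnet) emit '-A RH-Firewall-1-INPUT -p tcp --dport 23 -j ACCEPT' ;;
            http)   emit '-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT' ;;
            smtp)   emit '-A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT' ;;
            ftp)    emit '-A RH-Firewall-1-INPUT -p tcp --dport 21 -j ACCEPT' ;;
            *) echo "unknown service: $svc" >&2; return 1 ;;
        esac
    done
    if [ -n "$other" ]; then
        IFS=,; set -- $other; unset IFS
        for entry in "$@"; do
            other_port_rule "$entry" || return 1
        done
    fi
    rej='-j REJECT --reject-with icmp-host-prohibited'
    if [ "$level" = high ]; then
        emit "-A RH-Firewall-1-INPUT $rej"   # High: anything not accepted above is refused
    else
        # Medium: refuse only the reserved ports, NFS, the X display and the
        # X font server; everything else (RealAudio, for instance) still passes
        emit "-A RH-Firewall-1-INPUT -p tcp --dport 0:1023 $rej"
        emit "-A RH-Firewall-1-INPUT -p udp --dport 0:1023 $rej"
        emit "-A RH-Firewall-1-INPUT -p tcp --dport 2049 $rej"
        emit "-A RH-Firewall-1-INPUT -p udp --dport 2049 $rej"
        emit "-A RH-Firewall-1-INPUT -p tcp --dport 6000:6009 $rej"
        emit "-A RH-Firewall-1-INPUT -p tcp --dport 7100 $rej"
    fi
    emit 'COMMIT'
}

# Usage: High level, eth0 trusted, DHCP and SSH allowed, plus IMAP and UDP/1234.
gen_ruleset high "eth0" "dhcp ssh" "imap:tcp,1234:udp"
```

Rule order is the whole point: the trusted-device, state and per-service ACCEPT rules come before the level's REJECT rules, which is why a trusted eth0 or an allowed service is reachable at the High level while everything else is refused, and why at the Medium level a high port such as the one RealAudio uses falls through to the default ACCEPT policy. The Other ports entries are checked character by character before they are interpolated into a rule, so a value like imap:tcp;rm is rejected instead of becoming part of the ruleset.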
Tip: To change your security level configuration after installation, use the Security Level Configuration Tool. Type redhat-config-securitylevel at a shell prompt to launch it. If you are not root, it prompts you for the root password before continuing.