Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ linux firewall configuration     - jQuery update the content and method of use 3.0 (Programming)

- Detailed driver compiled into the Linux kernel (Programming)

- Using Vagrant create cross-platform development environment (Linux)

- Kubuntu 14.04 desktop to the user how to upgrade KDE 4.13.2 (Linux)

- Denyhosts prevent hackers using SSH scanning (Linux)

- How to statistical data of various size Redis (Database)

- RedHat Linux 9.0 under P4VP-MX motherboard graphics resolution of problems (Linux)

- Oracle 11g through SCN do incremental backup repair standby library detailed process (Database)

- Change CentOS 7 NIC name eno16777736 to eth0 (Linux)

- RealVNC Server 5.2.3 Installation and Configuration In Fedora (Server)

- Configuring Haproxy log support (syslog logging support) (Server)

- MySQL primary and secondary replicate data inconsistencies (Database)

- Linux kernel RCU (Read Copy Update) lock Brief - prequel (Linux)

- quotacheck command file can not be created aquota.user and aquota.group solutions (Linux)

- Ubuntu Locale configuration problem solving Can not set LC_CTYPE (Linux)

- Firewall - Internet Militarization (Linux)

- Java Network Programming Internet address lookup (Programming)

- Node.js development environment deployment (Server)

- To configure Samba to share files with Windows under CentOS (Linux)

- Shuffle Process Arrangement in MapReduce (Server)

  linux firewall configuration
  Add Date : 2017-01-08      
  linux firewall configuration
RedHat Linux to increase system security provides the firewall protection. A firewall exists between your computer and the network, the network used to determine the remote users have access to which resources on your computer. A properly configured firewall can greatly increase your system security.
Choose the appropriate security level for your system.
If you choose the "Advanced", your system will not accept that you are not connected to a specific designated (in addition to the default settings). Only the following connections are allowed by default:
DNS responses
DHCP - any network interface to use DHCP can be configured accordingly.
If you choose "Advanced", your firewall will not allow the following connections:
1. active FTP (the default in most clients use passive FTP should be able to properly run state.)
2.IRC DCC file transfers
4. Remote X Window System clients
If you want the system to connect to the Internet, but does not plan to run a server, this is the safest choice. If you need additional services, you can choose "Custom" to specify allowed through the firewall.
Notes: If you choose to install a set intermediate or advanced firewall, network authentication methods (NIS and LDAP) will not work.
If you choose the "intermediate", your firewall will not be allowed to access certain resources on your system. Access to the following resources are not allowed by default:
1. lower than 1023 - the standard reserved ports, mainly used by some system services, such as: FTP, SSH, telnet, HTTP, and NIS.

2.NFS server port (2049) - the remote server and local client machine, NFS have been disabled.
3. The local X Window System for remote X clients to set up the display.
4.X Font server port (xfs not monitor the network; it is disabled by default in the font server).
If you want to permit access to resources like RealAudio, but still block access to common system services, select the "intermediate." You can choose "custom" to allow specific services through the firewall. Notes: If you choose to install a set intermediate or advanced firewall, network authentication methods (NIS and LDAP) will not work.
"No firewall"
No firewall provides complete access and does no security checking. Security check is to disable certain services. I suggest you only in a trusted network (not the Internet) is running, or you want further detail later when the firewall configuration.
Select "Custom" to add trusted devices or to allow others to enter the interface.
"Trusted devices."
Select "trusted devices" in any system will allow you to accept all traffic from that device; it is not firewall rules restrictions. For example, if you run a local area network, but through the PPP dial-up connection to the Internet, you can select "eth0", then all traffic from your LAN will be allowed. The "eth0" selected as the "trust" means that all the Ethernet traffic is allowed within, but the ppp0 interface to still have a firewall restriction. If you want to restrict traffic on an interface, do not choose it.
I suggest you do not connect to devices on the public network like the Internet as "trusted devices."
Enabling these options allow the specified services through the firewall. Note: The type of workstation installation, the majority of these services are not installed in the system.
If you allow incoming DHCP queries and responses, you will allow anyone to use DHCP to determine its IP address of the network interface. DHCP is normally enabled. If DHCP is not enabled, your computer will not be able to obtain an IP address.

Secure (secure) SHell (SSH) is used to log in and execute commands on a remote machine a set of tools. If you plan to use SSH tools to access your machine through a firewall, enable this option. You need to install openssh-server package to use SSH tools to remotely access your machine.
Telnet protocol is used to log on the remote machine. Telnet communications are not encrypted, almost did not provide any kind prevent from network snooping security measures. I suggest you do not allow access to the Telnet access. If you want to allow access to the Telnet access, you need to install the telnet-server package.
HTTP protocol is Apache (and other World Wide Web server) used for web services. If you plan on making your Web server publicly available, enable this option. You do not need to enable this option to view the local web page or web pages. If you want to serve webpages, you need to install the httpd package.
Enable "WWW (HTTP)" will not open a port for HTTPS. To enable HTTPS, the "other ports" field specified.
"Mail (SMTP)."
If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. If you want to receive from your ISP POP3 or IMAP e-mail servers, or you are using a tool like fetchmail, do not enable this option. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.
FTP protocol is a protocol for file transfer between network machines. If you plan on making your FTP server publicly available, enable this option. You need to install the vsftpd package to take advantage of this option.
"Other ports"
You can allow access to is not listed here other ports, it is in the "other ports" field listed within them. Format: port: protocol. For example, if you want to allow IMAP through your firewall, you can specify imap: tcp. You can also specify a specific port number, to allow UDP packets on port 1234 through the firewall, enter 1234: udp. To specify multiple ports, separate them with commas.
Tip: To change your security level configuration after installation, use the Security Level Configuration Tool. Type RedHat-config-securitylevel command at a shell prompt to launch the Security Level Configuration Tool. If you are not root, it will prompt you for the root password to continue.
- Traffic monitor Linux Python Version (Programming)
- The official release method to upgrade to Ubuntu 15.04 (Linux)
- error no.2013 lost connection Tom with SQLServer during query (Database)
- Installation under Linux to deploy Java (Linux)
- RHEL6.5 replace local YUM source (Linux)
- How to clean up your Ubuntu 14.10 / 14.04 / 13.10 system (Linux)
- Achieve camera preview by ffplay (Linux)
- Examples of Exploration Class File (Programming)
- CentOS 7 - use cgroups limit process resource (Linux)
- Use Redis as time-series database: why and how (Database)
- C language header file defines a global variable (Programming)
- Installation Experience open source car Automotive Grade Linux system (Linux)
- Linux system firewall defense network attacks (Linux)
- Docker build their own private warehouses (Linux)
- Java framework for parallel study - ForkJoin (Programming)
- Ceph single / multi-node installation summary Powered by CentOS 6.x (Server)
- Migrate Oracle database files to ASM (Database)
- Linux keyboard recording script (Linux)
- C language macro definition #define Usage (Programming)
- Ubuntu derivative version of the user and how to install SmartGit / HG 6.0.0 (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.