Red Hat Linux provides firewall protection for increased system security. A firewall sits between your computer and the network and determines which resources on your computer are accessible to remote users on the network. A properly configured firewall can greatly increase your system security.
Choose the right level of security for your system.
Advanced
If you choose "Advanced", your system will not accept connections that you have not explicitly specified (apart from the default settings). Only the following connections are allowed by default:
DNS responses
DHCP: any network interface that uses DHCP can be configured accordingly.
If you choose "Advanced", your firewall will not allow the following connections:
1. Active FTP (passive FTP, used by default in most clients, should work fine).
2. IRC DCC file transfers.
3. RealAudio.
4. Remote X Window System clients.
This is the safest option if you want to connect your system to the Internet but don't plan to run a server. If you need additional services, you can choose "Customize" to specify the services that are allowed to pass through the firewall.
Note: If you choose to set up an intermediate or advanced firewall during installation, the network authentication methods (NIS and LDAP) will not work.
Intermediate
If you choose "Intermediate", your firewall will block access to certain resources on your system. Access to the following resources is not allowed by default:
1. Ports below 1023: the standard reserved ports, mainly used by system services such as FTP, SSH, telnet, HTTP, and NIS.
2. NFS server port (2049): NFS is disabled for both remote and local clients.
3. The local X Window System display for remote X clients.
4. X font server port (xfs does not listen on the network; this is disabled by default in the font server).
If you want to allow access to resources such as RealAudio, but still want to block access to common system services, select "Intermediate". You can choose "Customize" to allow specific services to pass through the firewall.
Note: If you choose to set up an intermediate or advanced firewall during installation, the network authentication methods (NIS and LDAP) will not work.
No firewall
"No firewall" gives full access to your system and does not do any security checks. Security checks are disabled for certain services. It is recommended that you only select this option when running on a trusted network (not the Internet), or if you want to perform detailed firewall configuration later.
Select "Customize" to add trusted devices or to allow access to additional services.
Trusted Devices
Selecting any of the "trusted devices" allows your system to accept all traffic from that device; it is not subject to the firewall rules. For example, if you are running a LAN but are connected to the Internet via PPP dial-up, you can select "eth0", and all traffic from your LAN will then be allowed. Selecting "eth0" as trusted means that all traffic over that Ethernet interface is allowed, but the ppp0 interface is still subject to firewall restrictions. If you want to restrict traffic on an interface, do not select it.
It is recommended that you do not mark a device connected to a public network, such as the Internet, as a trusted device.
Allow access to
Enabling these options allows the specified services to pass through the firewall. Note: Most of these services are not installed on the system during a workstation-type installation.
DHCP
If you allow incoming DHCP queries and responses, you will allow any network interface that uses DHCP to determine its IP address. DHCP is usually enabled. If DHCP is not enabled, your computer will not be able to obtain an IP address.
SSH
Secure Shell (SSH) is a set of tools for logging in to and executing commands on a remote machine. Enable this option if you plan to use SSH tools to access your machine through a firewall. You need to install the openssh-server package to access your machine remotely with SSH tools.
Telnet
Telnet is a protocol used to log in to a remote machine. Telnet communication is not encrypted and provides almost no protection against network snooping. It is recommended that you do not allow incoming Telnet access. If you do want to allow incoming Telnet access, you need to install the telnet-server package.
WWW (HTTP)
The HTTP protocol is used by Apache (and other web servers) for web services. If you plan to open your web server to the public, enable this option. You don't need to enable this option to view local web pages or develop web pages. If you plan to provide web services, you will need to install the httpd package.
Enabling "WWW (HTTP)" will not open a port for HTTPS. To enable HTTPS, specify it in the "Other ports" field.
Mail (SMTP)
Enable this option if you need to allow remote hosts to connect directly to your machine to send mail. Do not enable this option if you want to receive POP3 or IMAP mail from your ISP server, or if you are using a tool like fetchmail. Please note that an incorrectly configured SMTP server will allow remote machines to use your server to send spam.
FTP
The FTP protocol is a protocol for transferring files between networked machines. Enable this option if you plan to make your FTP server publicly available. You need to install the vsftpd package to take advantage of this option.
Other Ports
You can allow access to other ports not listed here by listing them in the "Other ports" field. The format is port:protocol. For example, if you want to allow IMAP to pass through your firewall, you can specify imap:tcp. You can also specify the port number. To allow UDP packets to pass through the firewall on port 1234, enter 1234:udp. To specify multiple ports, separate them with commas.
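The sketch below is an added example, not part of the original guide or of Red Hat's tools. It parses an "Other ports" value in the port:protocol format and applies a simplified model of the three security levels and the trusted-device rule to a new inbound connection. The function names, the small service-name table, and the port numbers used for the X display and X font server are assumptions made for illustration.

```python
# Added illustration: a simplified model of the rules described on this page.
# SERVICES is a constructed table; a real system resolves names via /etc/services.
SERVICES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25,
            "http": 80, "imap": 143, "https": 443}
NFS_PORT = 2049
# Assumed port numbers: the page names the X display and X font server,
# not their ports.
X_DISPLAY_PORTS = range(6000, 6010)
XFS_PORT = 7100


def parse_other_ports(field):
    """Parse an "Other ports" value such as 'imap:tcp, 1234:udp'."""
    opened = set()
    for entry in filter(None, (e.strip() for e in field.split(","))):
        name, sep, proto = (p.strip().lower() for p in entry.partition(":"))
        if not sep or proto not in ("tcp", "udp"):
            raise ValueError(f"expected port:protocol, got {entry!r}")
        port = int(name) if name.isdigit() else SERVICES.get(name)
        if port is None or not 1 <= port <= 65535:
            raise ValueError(f"unknown or out-of-range port in {entry!r}")
        opened.add((port, proto))
    return opened


def inbound_allowed(level, iface, port, proto, trusted=(), opened=frozenset()):
    """Return True if a new inbound connection would pass the firewall."""
    if level == "none" or iface in trusted:
        return True   # no checks at all, or a trusted device bypasses the rules
    if (port, proto) in opened:
        return True   # explicitly allowed service or "Other ports" entry
    if level == "advanced":
        return False  # nothing unspecified is accepted
    # Intermediate: only the listed resources are blocked.
    return not (port < 1023 or port == NFS_PORT
                or port in X_DISPLAY_PORTS or port == XFS_PORT)


if __name__ == "__main__":
    opened = parse_other_ports("imap:tcp, 1234:udp, https:tcp")
    for level in ("advanced", "intermediate", "none"):
        for port in (22, 443, 8080):
            verdict = inbound_allowed(level, "ppp0", port, "tcp", opened=opened)
            print(f"{level:12} ppp0 tcp/{port:<5} -> {'allow' if verdict else 'deny'}")
```

Run as a script, it prints the verdict for SSH, HTTPS and port 8080 on ppp0 at each level, which shows that HTTPS passes only because it was listed in the "Other ports" value.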
Tip: To change your security level configuration after installation, use the security level configuration tool. Type the redhat-config-securitylevel command at the shell prompt to start the security level configuration tool. If you are not the root user, it will prompt you to enter the root password before proceeding.