
Firewall Configuration

   Red Hat Linux also offers you firewall protection
   for enhanced system security. A firewall sits
   between your computer and the network, and
   determines which resources on your computer remote
   users on the network are able to access. A
   properly configured firewall can greatly increase
   the out-of-the-box security of your system.

   Choose the appropriate security level for your
   system.

   High Security -- By choosing High Security, your
   system will not accept connections that are not
   explicitly defined by you. By default, only the
   following connections are allowed:

     * DNS replies
     * DHCP -- so any network interfaces that use
       DHCP can be properly configured.

   Using High Security will not allow the
   following:

     * Active mode FTP (Passive mode FTP, used by
       default in most clients, should work fine.)
     * IRC DCC file transfers
     * RealAudio(tm)
     * Remote X Window System clients

   If you are connecting your system to the Internet,
   but do not plan to run a server, this is the
   safest choice. If additional services are needed,
   you can choose Customize to allow specific
   services through the firewall.

   Medium Security -- Choosing Medium Security will
   not allow remote systems to have access to certain
   resources on your system. By default, access to
   the following resources is not allowed:

     * ports lower than 1023 -- these are the
       standard reserved ports, used by most system
       services, such as FTP, SSH, telnet, and HTTP.
     * NFS server port (2049)
     * the local X Window System display for remote X
       clients
     * the X Font server port (This is disabled by
       default in the font server.)

   If you want to allow resources such as
   RealAudio(tm), while still blocking access to
   normal system services, choose Medium Security.
   You can choose Customize to allow specific
   services through the firewall.

   No Firewall -- Choosing No Firewall allows
   complete access to your system and does no
   security checking. It is recommended that this
   only be selected if you are running on a trusted
   network (not the Internet), or if you plan to do
   more detailed firewall configuration later.

   Choose Customize to add trusted devices or to
   allow additional incoming interfaces.
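
   The three levels above, modeled as an added example
   (not part of the Red Hat documentation or of the
   installer's own code): a simplified check of which
   unsolicited inbound traffic each level accepts.
   Assumptions not taken from this page: the X display
   and X font server port numbers, the sample traffic,
   and that the DNS and DHCP allowances listed under
   High also hold at Medium.

```python
# Added illustration: a simplified model of the security levels on this page.
# It judges only unsolicited inbound traffic; connections the local machine
# opens itself (passive FTP, for example) are outside the model.
from collections import namedtuple

# One inbound connection attempt or datagram; dst_port is on the local machine.
Inbound = namedtuple("Inbound", "proto src_port dst_port")

X_DISPLAYS = range(6000, 6010)   # assumption: the page gives no X port numbers
X_FONT_SERVER = 7100             # assumption: conventional xfs port

def allowed(level, pkt, custom=frozenset()):
    """True if pkt is accepted at level ('high', 'medium' or 'none').

    custom holds (proto, port) pairs opened through Customize.
    """
    if level == "none" or (pkt.proto, pkt.dst_port) in custom:
        return True
    dns_reply = pkt.proto == "udp" and pkt.src_port == 53
    dhcp = pkt.proto == "udp" and (pkt.src_port, pkt.dst_port) == (67, 68)
    if dns_reply or dhcp:        # listed under High; assumed to hold at Medium too
        return True
    if level == "high":
        return False             # nothing else is accepted unless customised
    if level == "medium":
        return not (pkt.dst_port < 1023          # reserved ports, as the page words it
                    or pkt.dst_port == 2049      # NFS server
                    or pkt.dst_port in X_DISPLAYS
                    or pkt.dst_port == X_FONT_SERVER)
    raise ValueError("unknown level: %r" % (level,))

# Constructed sample traffic (not captured from a real system).
SAMPLES = {
    "active FTP data (server connects back)": Inbound("tcp", 20, 40001),
    "DNS reply": Inbound("udp", 53, 33000),
    "DHCP offer": Inbound("udp", 67, 68),
    "streamed audio to a high UDP port": Inbound("udp", 7070, 6970),
    "remote X client to local display": Inbound("tcp", 35000, 6000),
    "inbound SSH": Inbound("tcp", 35001, 22),
}

def report(custom=frozenset()):
    """Map each sample to its verdict at every level."""
    return {name: {lvl: allowed(lvl, pkt, custom) for lvl in ("high", "medium", "none")}
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in report().items():
        print("%-40s %s" % (name, verdicts))
```

   Passing custom={("tcp", 22)} to report() shows the
   effect of opening SSH through Customize.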
