
What are the firewall configuration tips under Red Hat Linux

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through the firewall configuration options under Red Hat Linux. The content is simple and clear, and I hope it helps resolve your doubts.

Red Hat Linux provides firewall protection to increase system security. A firewall sits between your computer and the network and determines which resources on your computer remote users on the network can access. A properly configured firewall can greatly increase your system security.

Choose the appropriate security level for your system.

Advanced

If you choose Advanced, your system will not accept connections that are not specified by you (except for the default settings). Only the following connections are allowed by default:

DNS response

DHCP - any network interface that uses DHCP can be configured accordingly.

If you choose Advanced, your firewall will not allow the following connections:

1. Active-mode FTP (passive-mode FTP, which is used by default in most clients, should work properly.)

2. IRC DCC file transfer.

3. RealAudio.

4. Remote X Window System clients.

If you want to connect the system to the Internet but do not plan to run a server, this is the safest option. If additional services are needed, you can choose "Custom" to specify the services that are allowed to pass through the firewall.

Note: if you choose to set up intermediate or advanced firewalls in your installation, network authentication methods (NIS and LDAP) will not work.

Intermediate

If you choose "Intermediate", your firewall will not allow access to certain resources on your system. Access to the following resources is not allowed by default:

1. Ports below 1023 - these are the standard reserved ports and are mainly used by system services such as FTP, SSH, telnet, HTTP, and NIS.

2. NFS server port (2049) - NFS is disabled for both remote servers and local clients.

3. The local X Window System display for remote X clients.

4. X font server port (xfs does not listen on the network; it is disabled by default in the font server).

If you want to allow access to resources such as RealAudio, but still block access to normal system services, select Intermediate. You can choose "Custom" to allow specific services to pass through the firewall. Note: if you choose to set up intermediate or advanced firewalls in your installation, network authentication methods (NIS and LDAP) will not work.

No firewall

"No firewall" gives full access to your system and performs no security checking; security checking here means disabling access to certain services. It is recommended that you select this option only if you are running on a trusted network (not the Internet), or if you plan to do detailed firewall configuration later.

Select Custom to add trusted devices or to allow additional incoming services.

Trusted Devices

Selecting any of the "trusted devices" allows your system to accept all traffic from that device; it is not subject to firewall rules. For example, if you are running a local area network but have a dial-up connection to the Internet through PPP, you can select "eth0" and all traffic from your local area network will be allowed. Selecting "eth0" as "trusted" means that all traffic over this Ethernet interface is allowed, but the ppp0 interface is still restricted by the firewall. If you want to restrict traffic on an interface, do not select it.

It is recommended that you do not define devices connected to public networks such as the Internet as "trusted devices".

Allow entry

Enabling these options will allow specific services to pass through the firewall. Note: in workstation type installations, most of these services are not installed within the system.

DHCP

If you allow access to DHCP queries and responses, you will allow any network interface that uses DHCP to determine its IP address. DHCP is usually enabled. If DHCP is not enabled, your computer will not be able to obtain IP addresses.

SSH

Secure SHell (SSH) is a set of tools used to log in to and execute commands on remote machines. Enable this option if you plan to use the SSH tools to access your machine through the firewall. You need to install the openssh-server package to access your machine remotely with the SSH tools.

Telnet

Telnet is a protocol used to log in to a remote machine. Telnet communications are unencrypted and provide almost no protection against snooping on the network. It is recommended that you do not allow Telnet access. If you want to allow access to Telnet, you need to install the telnet-server package.

WWW (HTTP)

The HTTP protocol is used by Apache (and other World Wide Web servers) to serve web pages. If you plan to open your web server to the public, enable this option. You do not need to enable this option to view web pages locally or to develop web pages. If you plan to provide web services, you need to install the httpd package.

Enabling "WWW (HTTP)" will not open a port for HTTPS. To enable HTTPS, specify it in the Other ports field.

Mail (SMTP)

Enable this option if you need to allow remote hosts to connect directly to your machine to send mail. If you want to receive POP3 or IMAP emails from your ISP server, or if you are using a tool such as fetchmail, do not enable this option. Please note that an improperly configured SMTP server will allow remote machines to use your server to send spam.

FTP

FTP is a protocol used to transfer files between machines on a network. Enable this option if you plan to make your FTP server publicly available. You need to install the vsftpd package to take advantage of this option.

Other ports

You can allow access to other ports that are not listed here by listing them in the Other ports field. The format is port:protocol. For example, if you want to allow IMAP to pass through your firewall, you can specify imap:tcp. You can also specify the port number. To allow UDP packets to pass through the firewall on port 1234, enter 1234:udp. To specify multiple ports, separate them with commas.
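The following script is an added example, not part of the original article or of Red Hat's tools: it validates a Trusted Devices selection and an Other ports entry in the port:protocol format described above, then prints equivalent iptables rules without applying them. The service table, the PUBLIC_IFACES list and the function names are assumptions made for the illustration, and the printed rules are not the exact output of redhat-config-securitylevel.

```shell
#!/bin/sh
# Added example: prints iptables rules for "Custom" choices; applies nothing.

# Constructed subset in /etc/services format (a real host: getent services NAME/PROTO).
SERVICES='imap 143/tcp
https 443/tcp'
# Hypothetical list of Internet-facing devices that must never be marked trusted.
PUBLIC_IFACES='ppp0'

# port_of NAME_OR_NUMBER PROTO: print the numeric port, fail if unknown or out of range.
port_of() {
    case "$1" in
        ''|*[!0-9]*)  # not purely digits: look it up as a service name
            printf '%s\n' "$SERVICES" | awk -v n="$1" -v p="$2" '
                $1 == n && $2 ~ ("/" p "$") { sub("/.*", "", $2); print $2; ok = 1; exit }
                END { exit !ok }' ;;
        0*) return 1 ;;  # port 0 and leading zeros are rejected
        *)  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ] && printf '%s\n' "$1" ;;
    esac
}

# custom_rules "TRUSTED_DEVICES" "OTHER_PORTS": one rule per line, non-zero on bad input.
# The body runs in a subshell so that set -f and the variables stay local.
custom_rules() (
    set -f  # no filename globbing while splitting user input
    for ifc in $1; do
        case "$ifc" in *[!A-Za-z0-9._-]*) echo "bad device '$ifc'" >&2; exit 1 ;; esac
        case " $PUBLIC_IFACES " in
            *" $ifc "*) echo "refusing to trust public device '$ifc'" >&2; exit 1 ;;
        esac
        printf '%s\n' "-A INPUT -i $ifc -j ACCEPT"
    done
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        port=${entry%%:*} proto=${entry#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; exit 1 ;;
        esac
        num=$(port_of "$port" "$proto") || { echo "bad port in '$entry'" >&2; exit 1; }
        printf '%s\n' "-A INPUT -p $proto --dport $num -j ACCEPT"
    done
)

# The article's own examples: eth0 trusted, IMAP by name, UDP port 1234 by number.
custom_rules "eth0" "imap:tcp,1234:udp"
```

An entry such as 1234:icmp, 70000:tcp or a trusted ppp0 makes custom_rules fail with a message on stderr, so a typo in the field is caught before any rule is loaded.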

Tip: to change your security level configuration after installation, use the security level configuration tool. Type the redhat-config-securitylevel command at the shell prompt to start the security level configuration tool. If you are not a root user, it will prompt you to enter the root password before continuing.

That is all for this article on firewall configuration under Red Hat Linux. Thank you for reading! I hope the content shared here is helpful to you.
