Enabling And Disabling The Firewall; Trusted Services - Red Hat ENTERPRISE LINUX 4 System Administration Manual

Chapter 18. Firewalls

18.2.2. Enabling and Disabling the Firewall

Select one of the following options for the firewall:
• Disabled — Disabling the firewall provides complete access to your system and does no security
checking. This should only be selected if you are running on a trusted network (not the Internet) or
need to configure a custom firewall using the iptables command line tool.
Warning
Firewall configurations and any customized firewall rules are stored in the
/etc/sysconfig/iptables file. If you choose Disabled and click OK, these configurations
and firewall rules will be lost.
• Enabled — This option configures the system to reject incoming connections that are not in
response to outbound requests, such as DNS replies or DHCP requests. If access to services
running on this machine is needed, you can choose to allow specific services through the firewall.
If you are connecting your system to the Internet, but do not plan to run a server, this is the safest
choice.

18.2.3. Trusted Services

Enabling options in the Trusted services list allows the specified service to pass through the firewall.
WWW (HTTP)
The HTTP protocol is used by Apache (and by other Web servers) to serve web pages. If you plan
on making your Web server publicly available, select this check box. This option is not required for
viewing pages locally or for developing web pages. This service requires that the httpd package
be installed.
Enabling WWW (HTTP) will not open a port for HTTPS, the SSL version of HTTP. If this service is
required, select the Secure WWW (HTTPS) check box.
FTP
The FTP protocol is used to transfer files between machines on a network. If you plan on making
your FTP server publicly available, select this check box. This service requires that the vsftpd
package be installed.
SSH
Secure Shell (SSH) is a suite of tools for logging into and executing commands on a remote
machine. To allow remote access to the machine via ssh, select this check box. This service
requires that the openssh-server package be installed.
Telnet
Telnet is a protocol for logging into remote machines. Telnet communications are unencrypted and
provide no security from network snooping. Allowing incoming Telnet access is not recommended.
To allow remote access to the machine via telnet, select this check box. This service requires that
the telnet-server package be installed.
Mail (SMTP)
SMTP is a protocol that allows remote hosts to connect directly to your machine to deliver mail.
You do not need to enable this service if you collect your mail from your ISP's server using POP3
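
As an added example (not part of the Red Hat manual), the following shell function reads a ruleset in iptables-save format, the format of /etc/sysconfig/iptables, and reports which of the trusted services described in this section it accepts. The port numbers are the services' default ports, the sample ruleset (including its chain name) is constructed for illustration, and sample_rules and audit_trusted_services are hypothetical names.

```shell
#!/bin/sh
# Added example: list which "Trusted services" ports a saved ruleset accepts.
# Limits: only single-port TCP ACCEPT rules are recognized; port ranges,
# source restrictions and rule ordering are not evaluated.

# Constructed sample ruleset in iptables-save format (not from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per trusted service:
#   <service> <port> open|closed [WARNING:unencrypted]
audit_trusted_services() {
  awk '
    BEGIN {
      # Default port of each service in the Trusted services list (assumed).
      n = split("21:FTP 22:SSH 23:Telnet 25:SMTP 80:HTTP 443:HTTPS", svc, " ")
    }
    # Collect destination ports of TCP rules that end in ACCEPT.
    /^-A / && / -j ACCEPT/ && / -p tcp/ {
      for (i = 1; i < NF; i++)
        if ($i == "--dport") accepted[$(i + 1)] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        split(svc[i], kv, ":")
        state = (kv[1] in accepted) ? "open" : "closed"
        # Telnet is the service this section advises against allowing.
        note = (kv[1] == "23" && state == "open") ? " WARNING:unencrypted" : ""
        printf "%s %s %s%s\n", kv[2], kv[1], state, note
      }
    }'
}

sample_rules | audit_trusted_services
```

To check a real system, run `audit_trusted_services < /etc/sysconfig/iptables` as root. In the sample output HTTP is open while HTTPS is closed, matching the note that enabling WWW (HTTP) does not open a port for HTTPS.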