Firewall Configuration Red Hat Linux also offers you firewall protection for enhanced system security. A firewall sits between your computer and the network, and determines which resources on your computer remote users on the network are able to access. A properly configured firewall can greatly increase the out-of-the-box security of your system. Choose the appropriate security level for your system. High Security -- By choosing High Security, your system will not accept connections that are not explicitly defined by you. By default, only the following connections are allowed: * DNS replies * DHCP -- so any network interfaces that use DHCP can be properly configured. Using this High Security will not allow the following: * Active mode FTP (Passive mode FTP, used by default in most clients, should work fine.) * IRC DCC file transfers * RealAudio(tm) * Remote X Window System clients If you are connecting your system to the Internet, but do not plan to run a server, this is the safest choice. If additional services are needed, you can choose Customize to allow specific services through the firewall. Medium Security -- Choosing Medium Security will not allow your system to have access to certain resources. By default, access to the following resources are not allowed: * ports lower than 1023 -- these are the standard reserved ports, used by most system services, such as FTP, SSH, telnet, and HTTP. * NFS server port (2049) * the local X Window System display for remote X clients * the X Font server port (This is disabled by default in the font server.) If you want to allow resources such as RealAudio(tm), while still blocking access to normal system services, choose Medium Security. You can choose Customize to allow specific services through the firewall. No Firewall -- No firewall allows complete access and does no security checking. It is recommended that this only be selected if you are running on a trusted network (not the Internet), or if you plan to do more detailed firewall configuration later. Choose Customize to add trusted devices or to allow additional incoming interfaces.