Setting Up Your Firewall: redhat-config-securitylevel

To set up your firewall, run redhat-config-securitylevel on your system (Security Level in the System Settings window and menu). You can enable or disable your firewall (see Figure 5-5). The None option disables the firewall. You can run your firewall on a stand-alone system directly connected to the Internet, or on a gateway system that connects a local network to the Internet (as described in the previous sections). For a local network, be sure that the local hosts do not have any kind of firewall running. The firewall should run only on the gateway. Furthermore, the gateway will have at least two network connections, one for the local network and an Internet connection device for the Internet. Make sure that the firewall is applied to the Internet device, not to your local network. On redhat-config-securitylevel, you do this by making the local network device a trusted device.

Figure 5-5: redhat-config-securitylevel

In the network example used here, the firewall is run on the eth0 network device (the first Ethernet card), which functions as the gateway. The local network is connected through the eth1 network device (the second Ethernet card).

If you are creating a strong firewall but still want to run a service such as a Web server, allow users to perform FTP file transfers on the Internet, or allow remote encrypted connections such as SSH, you will have to specify them in the Trusted Services pane.