Installation guide

Figure 29.10. Firewall Configuration
If Disable firewall is selected, the system allows complete access to any active services and
ports. No connections to the system are refused or denied.
Selecting Enable firewall configures the system to reject incoming connections that are not in
response to outbound requests, such as DNS replies or DHCP requests. If access to services
running on this machine is required, you can choose to allow specific services through the
firewall.
Only devices configured in the Network Configuration section are listed as available Trusted
devices. Connections from any devices selected in the list are accepted by the system. For
example, if eth1 only receives connections from an internal system, you might want to allow
connections from it.
If a service is selected in the Trusted services list, connections for the service are accepted
and processed by the system.
In the Other ports text field, list any additional ports that should be opened for remote access.
Use the following format: port:protocol. For example, to allow IMAP access through the
firewall, specify imap:tcp. Numeric ports can also be specified explicitly; to allow UDP packets on
port 1234 through the firewall, enter 1234:udp. To specify multiple ports, separate them with
commas.
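The following added example (not part of the original guide) checks an Other ports value before it is entered, so that every port opened for remote access is a deliberate, well-formed entry. The function name parse_other_ports is hypothetical, and restricting protocols to tcp and udp is an assumption based on the two examples in the text.

```python
import re

# Assumption: service names look like those in /etc/services.
_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.+-]*$")
# Assumption: only the two protocols shown in the guide are accepted.
_PROTOCOLS = {"tcp", "udp"}


def parse_other_ports(field):
    """Parse an 'Other ports' value such as 'imap:tcp,1234:udp'.

    Returns (entries, errors). entries is a list of (port, protocol)
    tuples, where port is an int for numeric ports or a str for service
    names. errors lists a message for every rejected entry.
    """
    entries, errors, seen = [], [], set()
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            errors.append("empty entry")
            continue
        port, sep, proto = item.partition(":")
        proto = proto.lower()
        if not sep or proto not in _PROTOCOLS:
            errors.append(f"{item!r}: expected port:protocol with tcp or udp")
            continue
        if port.isascii() and port.isdigit():
            port = int(port)
            if not 1 <= port <= 65535:
                errors.append(f"{item!r}: port outside 1-65535")
                continue
        elif not _NAME.match(port):
            errors.append(f"{item!r}: not a port number or service name")
            continue
        if (port, proto) in seen:
            errors.append(f"{item!r}: duplicate entry")
            continue
        seen.add((port, proto))
        entries.append((port, proto))
    return entries, errors


if __name__ == "__main__":
    # Constructed sample: the guide's two entries plus three bad ones.
    ok, bad = parse_other_ports("imap:tcp,1234:udp,70000:tcp,ssh,1234:udp")
    print("accepted:", ok)
    print("rejected:", bad)
```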
7.1. SELinux Configuration
Kickstart can set SELinux to enforcing, permissive or disabled mode. Finer grained
configuration is not possible at this time.