Installation guide
Chapter 7. Basic Firewall Configuration
• Web Server — Choose this option if you want people to connect to a Web server such as
Apache running on your system. You do not need to choose this option if you want to
view pages on your own system or on other servers on the network.
• Incoming Mail — Choose this option if your system needs to accept incoming mail. You
do not need this option if you retrieve email using IMAP, POP3, or fetchmail.
• Secure Shell — Secure Shell, or SSH, is a suite of tools for logging into and executing
commands on a remote machine over an encrypted connection. If you need to access your
machine remotely through ssh, select this option.
• Telnet — Telnet allows you to log into your machine remotely; however, it is not secure. It
sends plain text (including passwords) over the network. It is recommended that you use
SSH to log into your machine remotely. If you are required to have telnet access to your
system, select this option.
To disable other services that you do not need, use Serviceconf (see Section 8.3), ntsysv
(see Section 8.4), or chkconfig (see Section 8.5).
7.5. Activating the Firewall
Clicking Finish on the Activate the Firewall page will write the firewall rules to
/etc/sysconfig/ipchains and start the firewall by starting the ipchains service.
It is highly recommended that you run GNOME Lokkit from the machine, not from a remote
X session. If you disable remote access to your system, you will no longer be able to access it
or disable the firewall rules.
Click Cancel if you do not want to write the firewall rules.
7.5.1. Mail Relay
A mail relay is a system that allows other systems to send email through it. If your system is
a mail relay, someone can possibly use it to spam others from your machine.
If you chose to enable mail services, after you click Finish on the Activate the Firewall
page, you will be prompted to check for mail relay. If you choose Yes to check for mail relay,
GNOME Lokkit will attempt to connect to the Mail Abuse Prevention System website at
http://www.mail-abuse.org/ and run a mail relay test program. The results of the test will
be displayed when it is finished. If your system is open to mail relay, it is highly
recommended that you configure Sendmail to prevent it.
7.5.2. Activating the ipchains Service
The firewall rules are active only while the ipchains service is running. To manually start
the service, use the command:
/sbin/service ipchains restart
To ensure that it is started when the system is booted, issue the command:
/sbin/chkconfig --level 345 ipchains on
You can also use Serviceconf to activate ipchains. See Section 8.3.
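To confirm which of the service choices from this chapter a saved rules file actually accepts, the following added example (not part of the original guide or of GNOME Lokkit) reads a file of ipchains rules and reports the Web, mail, SSH and telnet ports that are open. The function names open_services and telnet_open are hypothetical, the rule layout is an assumption stated in the comments, and the sample rules are constructed.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Assumption: each rule is one line of ipchains options with the destination
# port directly after the -d address, e.g. "-d 0/0 22".

# open_services FILE: print the Lokkit service choices the input chain accepts.
open_services() {
    awk '
        $1 == "-A" && $2 == "input" {
            port = ""; proto = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-d" && $(i + 2) ~ /^[0-9]+$/) port = $(i + 2)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto != "tcp" || target != "ACCEPT") next
            if (port == 80) print "web"
            else if (port == 25) print "mail"
            else if (port == 22) print "ssh"
            else if (port == 23) print "telnet"
        }
    ' "$1"
}

# telnet_open FILE: succeed if the rules accept telnet (plain text logins).
telnet_open() {
    open_services "$1" | grep -qx telnet
}

# Constructed sample rules, not taken from a real system.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
:input ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
EOF

open_services "$SAMPLE_RULES"
if telnet_open "$SAMPLE_RULES"; then
    echo "warning: telnet is accepted; use SSH instead where possible"
fi
```

On the system itself, call open_services /etc/sysconfig/ipchains from an account that can read the file, after clicking Finish.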