JumpStart: Building a Firewall Using system-config-securitylevel



To run this utility, enter system-config-securitylevel on a command line. From KDE select Main menu: Administration ⇒ Security Level and Firewall or from GNOME select System: Administration ⇒ Security Level and Firewall. The system-config-securitylevel utility builds an extremely simple firewall but struggles with complex setups. The system-config-securitylevel utility displays the Security Level Configuration window (Figure 25-3), which has two tabs. The SELinux tab is discussed on page and the Firewall Options tab is discussed here.

Figure 25-3. Security Level Configuration window, Firewall Options tab


From the Firewall combo box, select Enabled. The firewall automatically allows packets that originate locally through to the outside (generally the Internet) and allows responses to those packets back in.

Opening Trusted services

Click the check boxes next to the services that the local system provides. These boxes set up a firewall that allows the local system to function as one or more of the following types of servers: FTP, mail (SMTP), SSH, Samba, Secure WWW (HTTPS), TELNET, and WWW (HTTP).

Opening other ports

Enter other ports you want to open by clicking the triangle next to Other ports and then clicking Add to open the Add Port window. This window allows you to specify a port to open and the protocol that each port uses (TCP or UDP).

Caution: Opened ports are not maintained when you disable the firewall

When you enable a firewall using system-config-securitylevel, specify Trusted services and/or open Other ports, and then disable the firewall, the system does not maintain the list of services and ports you specified. When you reenable the firewall, you need to specify the services and ports again. See page for information on how you can save and reload a list of rules.

Click OK, and system-config-securitylevel sets up and turns on the firewall. For more information refer to "" on page .
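Because the utility forgets the Trusted services and Other ports selections when the firewall is disabled, it helps to record what the active ruleset opens first. The following Python script is an added example, not code from the book or from system-config-securitylevel: it reads a ruleset in iptables-save format and splits the opened ports into the trusted services named above and other ports. The sample ruleset, its chain name, and the service-to-port table are constructed assumptions.

```python
import shlex

# Trusted services named on the page -> their standard ports (assumed mapping).
TRUSTED = {("tcp", 21): "FTP", ("tcp", 25): "Mail (SMTP)", ("tcp", 22): "SSH",
           ("udp", 137): "Samba", ("udp", 138): "Samba", ("tcp", 139): "Samba",
           ("tcp", 445): "Samba", ("tcp", 443): "Secure WWW (HTTPS)",
           ("tcp", 23): "TELNET", ("tcp", 80): "WWW (HTTP)"}

# Constructed sample in iptables-save format (chain name is illustrative).
SAMPLE = """\
*filter
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FW-INPUT -m state --state NEW -m udp -p udp --dport 137:138 -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _opt(tok, name):
    """Return the value following option `name`, or None if absent."""
    i = tok.index(name) if name in tok else -1
    return tok[i + 1] if 0 <= i < len(tok) - 1 else None

def opened_ports(ruleset):
    """Sorted (proto, port) pairs opened by ACCEPT rules that name a --dport."""
    opened = set()
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)
        proto, dport = _opt(tok, "-p"), _opt(tok, "--dport")
        if tok[:1] != ["-A"] or _opt(tok, "-j") != "ACCEPT" or not (proto and dport):
            continue  # not an append rule, not ACCEPT, or no port match
        lo, sep, hi = dport.partition(":")  # "137:138" is a port range
        first = int(lo or 0)
        last = int(hi) if hi else (65535 if sep else first)
        opened.update((proto, p) for p in range(first, last + 1))
    return sorted(opened)

def summarize(ruleset):
    """Split opened ports into the page's Trusted services and Other ports."""
    ports = opened_ports(ruleset)
    services = sorted({TRUSTED[k] for k in ports if k in TRUSTED})
    other = ["%d/%s" % (port, proto) for proto, port in ports if (proto, port) not in TRUSTED]
    return services, other

if __name__ == "__main__": print(summarize(SAMPLE))
```

To use it on a live system, pass `summarize()` the text produced by running iptables-save as root while the firewall is still enabled.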