Chapter 20. Basic Firewall Configuration

Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent computer viruses from spreading to your computer and to prevent unauthorized users from accessing your computer. A firewall exists between your computer and the network. It determines which services on your computer remote users on the network can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Red Hat Enterprise Linux system with an Internet connection.

20.1. Security Level Configuration Tool

At the Firewall Configuration screen during the Red Hat Enterprise Linux installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.

After installation, you can change this preference by using the Security Level Configuration Tool.

To start the application, select Main Menu Button (on the Panel) => System Settings => Security Level or type the command redhat-config-securitylevel from a shell prompt (for example, in an XTerm or a GNOME terminal).

Figure 20-1. Security Level Configuration Tool


The Security Level Configuration Tool only configures a basic firewall. If the system needs to allow or deny access to specific ports or if the system needs more complex rules, refer to the Red Hat Enterprise Linux Reference Guide for details on configuring specific iptables rules.

Select one of the following options:

Click OK to save the changes and enable or disable the firewall. If Enable firewall was selected, the options selected are translated to iptables commands and written to the /etc/sysconfig/iptables file. The iptables service is also started so that the firewall is activated immediately after saving the selected options. If Disable firewall was selected, the /etc/sysconfig/iptables file is removed, and the iptables service is stopped immediately.

The options selected are also written to the /etc/sysconfig/redhat-config-securitylevel file so that the settings can be restored the next time the application is started. Do not edit this file by hand.

Even though the firewall is activated immediately, the iptables service is not configured to start automatically at boot time. Refer to Section 20.2 Activating the iptables Service for details.
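To check what the tool left behind, the following added example (not part of the original guide) reads a rule file in iptables-save format, lists the incoming ports and trusted interfaces it accepts, and classifies boot persistence from one line of `chkconfig --list iptables` output. The sample rules, the interface name eth1, the function names, and the choice of runlevels 3 and 5 are assumptions made for the example.

```shell
# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print every proto/port the saved rules accept, plus any non-loopback
# interface that is accepted without a port restriction (a trusted device).
# $1: rule file (default /etc/sysconfig/iptables); fails if it does not exist.
accepted_ports() {
    rules=${1:-/etc/sysconfig/iptables}
    [ -f "$rules" ] || return 1
    awk '/^-A / && / -j ACCEPT/ {
        proto = port = iface = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
        }
        if (port != "") print proto "/" port
        else if (iface != "" && iface != "lo") print "trusted:" iface
    }' "$rules" | LC_ALL=C sort -u
}

# Classify the state from the rule file ($1) and one line of
# `chkconfig --list iptables` output ($2). Assumption: runlevels 3 and 5 matter.
firewall_state() {
    if [ ! -f "$1" ]; then
        echo "no-saved-rules"              # the file is removed on Disable firewall
    else
        case "$2" in
            *3:on*5:on*) echo "rules-saved-starts-at-boot" ;;
            *)           echo "rules-saved-not-at-boot" ;;
        esac
    fi
}

# Demo on the constructed sample. On a real host, pass /etc/sysconfig/iptables
# and "$(chkconfig --list iptables)" instead.
demo=$(mktemp) && sample_rules > "$demo" && accepted_ports "$demo"
firewall_state "$demo" "iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off"; rm -f "$demo"
```

A result of `rules-saved-not-at-boot` is the state described above: the rules are written and active now, but will not be loaded after a reboot.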