4.6. Personal Firewalls

Once the necessary network services are configured, it is important to implement a firewall.

Firewalls prevent network packets from accessing the network interface of the system. If a request is made to a port that is blocked by a firewall, the request will be ignored. If a service is listening on one of these blocked ports, it will not receive the packets and is effectively disabled. For this reason, care should be taken when configuring a firewall to block access to ports not in use, while not blocking access to ports used by configured services.

For most users, the best tools for configuring a simple firewall are the two straightforward, graphical firewall configuration tools which ship with Red Hat Linux: the Security Level Configuration Tool and GNOME Lokkit.

Both of these tools perform the same task — they create broad iptables rules for a general-purpose firewall. The difference between them is in their approach to performing this task. The Security Level Configuration Tool is a firewall control panel, while GNOME Lokkit presents the user with a series of questions in a wizard-type interface.

For more information about how to use these applications and what options they offer, refer to the chapter called Basic Firewall Configuration in the Red Hat Linux Customization Guide.

For advanced users and server administrators, manually configuring a firewall with iptables is likely the best option. Refer to Chapter 7 Firewalls for more information. For a comprehensive guide to the iptables command, consult the chapter titled Firewalls and iptables in the Red Hat Linux Reference Guide.
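The caution above about blocking unused ports without cutting off configured services can be checked mechanically. The following is an added example, not part of the original guide or of any Red Hat tool: it compares iptables-save output with netstat -ltn output and reports services the firewall has effectively disabled and openings that no service uses. The sample data and function names are constructed for illustration, and the parser is deliberately narrow: it reads only single --dport ACCEPT rules for TCP on the INPUT chain and ignores source or interface restrictions, multiport matches, and user-defined chains.

```python
import re

# Constructed sample: `iptables-save` output for a default-deny INPUT chain.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

# Constructed sample: `netstat -ltn` output.
SAMPLE_LISTENERS = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
"""

def allowed_tcp_ports(rules):
    """Return (default_accept, TCP ports explicitly ACCEPTed on INPUT)."""
    default_accept = re.search(r"^:INPUT ACCEPT\b", rules, re.M) is not None
    pat = r"^-A INPUT\b.*-p tcp\b.*--dport (\d+)\b.*-j ACCEPT\b"
    return default_accept, {int(p) for p in re.findall(pat, rules, re.M)}

def listening_tcp_ports(netstat):
    """Return TCP ports with a listener on a non-loopback address."""
    ports = set()
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "tcp" and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if not addr.startswith("127."):
                ports.add(int(port))
    return ports

def audit(rules, netstat):
    """Return (listening but blocked, allowed but nothing listening)."""
    default_accept, allowed = allowed_tcp_ports(rules)
    listening = listening_tcp_ports(netstat)
    blocked = set() if default_accept else listening - allowed
    return sorted(blocked), sorted(allowed - listening)

if __name__ == "__main__":
    blocked, unused = audit(SAMPLE_RULES, SAMPLE_LISTENERS)
    print("listening but blocked by firewall:", blocked)
    print("allowed by firewall but nothing listening:", unused)
```

On the constructed sample, port 25 has a listener but no ACCEPT rule, so that service is effectively disabled, while port 80 is open in the firewall with nothing behind it and is a candidate for removal.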