
no firewall option in RHL


Gabriel2010

Technical User
Nov 14, 2003
US
hello

noticed at installation time of red hat linux 8, there are three options: high, medium and "no firewall"

what does "no firewall" mean exactly in practical & technical terms?

we have some problems with the "firewall configuration" option in the setup tool (typing setup at cmd prompt). It appears that modifying the FW config option within the setup tool, unless the specific ports & services are retyped or allowed again, it does not keep previously configured settings.

This has caused us to select the "no firewall" option at rhl 8 installation but it says that: "no firewall allows complete access and does no security checking." mmmm, does no security checking??

what happens then if no firewall option is selected? some of our users do not like the idea of a "firewall" in this system, however, i think the setup tool will always have the option to go into the "firewall configuration" & modify settings there. The "firewall configuration" will always be there in the setup tool.

any thoughts, opinions?

thanks!

Glad to be here!
 
First, your server's need for a firewall at all depends on how you are using it. For example, if this machine is on a network that is completely physically separate from the internet, the need for a firewall is greatly reduced.

Second, in general a firewall is, as Martha Stewart would say, a "Good Thing". Even if the machine in question is itself behind a separate firewall, using the built-in firewall settings is definitely indicated -- kind of a "belt and suspenders" idea.

Third, the firewall settings that are set up in the RedHat setup are, frankly, primitive. The settings do not give you sufficient control over those settings to do anything really interesting or useful. [Aside: are you aware of the "lokkit" command, which allows you to change those settings any time you want?]

What I do when I set up RedHat is to set the security to "no firewall", then I write a shell script that invokes the iptables configuration command to set up the firewall. I then have that script run as part of the init process.

A very good book on RedHat Linux Firewalls is, well, RedHat Linux Firewalls, by Bill McCarty, published by RedHat Press. It'll give you the lowdown on using iptables and some basics of firewall design.



Want the best answers? Ask the best questions!

TANSTAAFL!!
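
Added example, not part of the original thread and not the poster's own script: a minimal default-deny iptables script of the kind described in the reply above. The trusted subnet, the allowed ports (SSH on 22 and the VNC display mentioned in the thread on 5900) and the function names `fw_rules` and `fw_apply` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: default-deny inbound firewall built with iptables.
# Assumptions (not from the thread): management subnet 192.168.1.0/24,
# SSH on 22/tcp and VNC display :0 on 5900/tcp are the only services exposed.
TRUSTED_NET="${TRUSTED_NET:-192.168.1.0/24}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 5900}"

# Print the ruleset, one iptables argument list per line, in apply order.
fw_rules() {
    # Fail closed: set the policies first so nothing is open while rules load.
    echo "-P INPUT DROP"
    echo "-P FORWARD DROP"
    echo "-P OUTPUT ACCEPT"
    echo "-F INPUT"
    # Local processes talk to each other over loopback.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened, and related ICMP errors.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound connections only from the trusted subnet, only to listed ports.
    for port in $ALLOWED_TCP_PORTS; do
        echo "-A INPUT -p tcp -s $TRUSTED_NET --dport $port -m state --state NEW -j ACCEPT"
    done
    # Keep ping working for basic reachability checks.
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
}

# Apply the rules, or only print the commands when DRY_RUN=1 (the default).
fw_apply() {
    fw_rules | while read -r rule; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "iptables $rule"
        else
            # Word splitting of $rule is intentional: each line is an argv list.
            iptables $rule || exit 1
        fi
    done
}

# "show" prints the commands; "apply" loads them (needs root).
case "${1:-}" in
    show)  fw_apply ;;
    apply) DRY_RUN=0; fw_apply ;;
esac
```

Run it with `show` first and read the output before using `apply`. Because the rules live in the script rather than in the setup tool's saved configuration, re-running the setup tool does not change what the script loads at the next boot.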
 
Ok.

The lokkit utility takes you back to the same GUI-like-interface of the setup/firewall configuration, right?

Does the lokkit utility remember the previous settings as applied from before? This seems to be the problem when using the setup/firewall config tool; going into it & not even modifying anything, it seems to "erase" any other previously configured stuff, then, say you have VNC access to it, after exiting the setup tool, there's no longer a VNC connection/access.

Is this the same with lokkit?

Thanks again!


Glad to be here!
 
I've never looked.

You can find out for yourself pretty easily. The firewall settings for lokkit are stored in /etc/sysconfig/iptables.

But again, I strongly recommend using a more customized firewall configuration.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 