
Firewall Customization

   Choose which trusted devices and incoming services
   should   be  allowed  for  your  network  security
   settings.

   Trusted Devices -- Checking a device here allows
   all traffic coming from that device through the
   firewall. For example, if you are running a local
   network but connect to the Internet via a PPP
   dialup, you could check eth0 as trusted to allow
   any traffic coming from your local network.

   It  is  not recommended to enable this for devices
   that are connected to public networks, such as the
   Internet.

   Allow Incoming -- Enabling these options allows
   the specified services to pass through the
   firewall. Note that during a workstation-class
   installation, the majority of these services are
   not present on the system.

     * DHCP  -- This allows DHCP queries and replies,
       and  allows  any  network  interfaces that use
       DHCP  to  determine  their IP address. DHCP is
       normally enabled.
     * SSH  --  Secure  Shell (SSH) is a protocol for
       logging  into and executing commands on remote
       machines.   It   provides   secure   encrypted
       communications.  If you plan on accessing your
       machine  remotely  via  SSH  over a firewalled
       interface,  enable  this  option. You need the
       openssh-server   package  installed  for  this
       option to be useful.
     * Telnet  --  Telnet  is  a protocol for logging
       into  remote  machines. It is unencrypted, and
       provides little security from network snooping
       attacks.  Enabling  telnet is not recommended.
       You  need  the telnet-server package installed
       for this option to be useful.
     * WWW  (HTTP)  --  HTTP  is the protocol used by
       Apache  to  serve  Web  pages.  If you plan on
       making  your  Web  server  publicly available,
       enable   this   option.  This  option  is  not
       required   for   viewing   pages   locally  or
       developing  Web  pages.  You  need  the Apache
       package   installed  for  this  option  to  be
       useful.
     * Mail  (SMTP) -- This allows incoming SMTP mail
       delivery. If you need to allow remote hosts to
       connect  directly  to  your machine to deliver
       mail,  enable  this option. You do not need to
       enable this if you collect your mail from your
       ISP's  server by POP3 or IMAP, or if you use a
       tool   such   as   fetchmail.   Note  that  an
       improperly  configured  SMTP  server can allow
       remote  machines  to  use  your server to send
       spam.
     * FTP  -- FTP is a protocol used for remote file
       transfer.  If  you  plan  on  making  your FTP
       server publicly available, enable this option.
       You  need  the  wu-ftpd (and possibly anonftp)
       packages  installed  for  this  option  to  be
       useful.
     * Other ports -- You can specify that other
       ports not listed here be allowed through the
       firewall. The format to use is
       'port:protocol'. For example, if you want to
       allow IMAP access through your firewall, you
       can specify 'imap:tcp'. You can also specify
       numeric ports explicitly; to allow UDP packets
       on port 1234 through, specify '1234:udp'. To
       specify multiple ports, separate them with
       commas.
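
   The 'port:protocol' list format described under Other ports, as an
   added example that is not part of the original help text or the
   installer's own code: a Python validator that parses such a list and
   reports malformed or discouraged entries before they reach the
   firewall. The function name, the tcp/udp protocol set and the
   service-name pattern are assumptions.

```python
import re

# Assumption: only tcp and udp are valid protocols (the page shows no others).
PROTOCOLS = {"tcp", "udp"}
# Telnet (IANA port 23/tcp) is the service the page advises against enabling.
DISCOURAGED = {("telnet", "tcp"), ("23", "tcp")}
# Assumption: service names look like /etc/services names (imap, pop3, ...).
NAME_RE = re.compile(r"[a-z][a-z0-9-]*")


def parse_other_ports(spec):
    """Parse an 'Other ports' value such as 'imap:tcp, 1234:udp'.

    Returns (entries, problems): entries is a de-duplicated list of
    (port, protocol) pairs, problems a list of human-readable messages.
    """
    entries, problems, seen = [], [], set()
    if not spec.strip():
        return entries, problems
    for raw in spec.split(","):
        item = raw.strip().lower()
        port, sep, proto = item.partition(":")
        if not (sep and port and proto):
            problems.append(f"{item!r}: expected port:protocol")
            continue
        if proto not in PROTOCOLS:
            problems.append(f"{item!r}: unknown protocol {proto!r}")
            continue
        if re.fullmatch(r"[0-9]+", port):
            if not 1 <= int(port) <= 65535:
                problems.append(f"{item!r}: port outside 1-65535")
                continue
            port = str(int(port))  # normalise '0080' to '80'
        elif not NAME_RE.fullmatch(port):
            problems.append(f"{item!r}: not a port number or service name")
            continue
        if (port, proto) in seen:
            continue  # same port listed twice; keep the first
        seen.add((port, proto))
        entries.append((port, proto))
        if (port, proto) in DISCOURAGED:
            problems.append(f"{item!r}: telnet is unencrypted, not recommended")
    return entries, problems


if __name__ == "__main__":
    # Constructed sample input, not taken from a real configuration.
    print(parse_other_ports("imap:tcp, 1234:udp, 23:tcp, 70000:udp, smtp"))
```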
