
Firewall Configuration

   CentOS also offers you firewall protection for
   enhanced system security. A firewall sits between
   your computer and the network, and determines
   which resources on your computer remote users on
   the network are able to access. A properly
   configured firewall can greatly increase the
   out-of-the-box security of your system.

   Choose the appropriate security level for your
   system.

   High Security -- By choosing High Security, your
   system will not accept connections that are not
   explicitly defined by you. By default, only the
   following connections are allowed:

     * DNS replies
     * DHCP -- so any network interfaces that use
       DHCP can be properly configured.

   Using High Security will not allow the
   following:

     * Active mode FTP (Passive mode FTP, used by
       default in most clients, should work fine.)
     * IRC DCC file transfers
     * RealAudio(tm)
     * Remote X Window System clients

   If you are connecting your system to the Internet,
   but do not plan to run a server, this is the
   safest choice. If additional services are needed,
   you can choose Customize to allow specific
   services through the firewall.

   Medium Security -- Choosing Medium Security blocks
   access to certain resources on your system. By
   default, access to the following resources is not
   allowed:

     * ports lower than 1023 -- these are the
       standard reserved ports, used by most system
       services, such as FTP, SSH, telnet, and HTTP.
     * NFS server port (2049)
     * the local X Window System display for remote X
       clients
     * the X Font server port (This is disabled by
       default in the font server.)

   If you want to allow resources such as
   RealAudio(tm), while still blocking access to
   normal system services, choose Medium Security.
   You can choose Customize to allow specific
   services through the firewall.

   No Firewall -- No firewall allows complete access
   and does no security checking. It is recommended
   that this only be selected if you are running on a
   trusted network (not the Internet), or if you plan
   to do more detailed firewall configuration later.

   Choose Customize to add trusted devices or to
   allow additional incoming interfaces.
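
   To check what a chosen level leaves reachable, the following added
   example (not part of the installer or of CentOS) parses `ss -ltn`
   style output and lists the TCP listeners each level would expose.
   Assumptions: the sample output is constructed, and the X11 display
   range (6000-6063) and X Font server port (7100) are conventional
   values that this page does not state.

```python
# Added example: TCP port numbers for X11 and the X Font server are assumptions.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
"""  # constructed sample, not captured from a real host

LOOPBACK = ("127.", "[::1]", "::1")

def parse_listeners(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue  # header line or a socket that is not listening
        local = fields[fields.index("LISTEN") + 3]  # Local Address:Port column
        addr, _, port = local.rpartition(":")
        if addr.startswith(LOOPBACK):
            continue  # loopback-only services are not reachable from the network
        ports.add(int(port))
    return ports

def medium_blocks(port):
    """True if Medium Security blocks this port by default."""
    return (port < 1023                # page wording: "ports lower than 1023"
            or port == 2049            # NFS server port (from the page)
            or 6000 <= port <= 6063    # assumed X11 display range
            or port == 7100)           # assumed X Font server port

def exposed(level, listeners, customized=frozenset()):
    """Ports reachable from the network; `customized` models the Customize list."""
    if level == "none":
        return sorted(listeners)
    if level == "high":
        return sorted(p for p in listeners if p in customized)
    if level == "medium":
        return sorted(p for p in listeners
                      if p in customized or not medium_blocks(p))
    raise ValueError("unknown security level: %r" % level)

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS)
    for level in ("high", "medium", "none"):
        print(level, exposed(level, found, customized={22}))
```

   On a real host, pass the output of `ss -ltn` in place of the sample
   and list in `customized` only the services you allowed through
   Customize.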
