Next: Removing SUID and SGID Up: Configuration and Security Previous: Networking

Firewall Configuration
Red Hat includes a simple firewall generator (lokkit) in its distribution. You can reach it by typing `setup`, choosing the firewall entry, and selecting a High, Medium or No firewall setting. If you don't want to spend time on the details, and don't want your machine acting as a server in any way, choose High or Medium. If you do need to accept some incoming service, say ssh, choose Medium and add port 22 (ssh) in the customization screen. If you don't like this utility and want to define your own rules, write them to /etc/sysconfig/ipchains, the file the ipchains init script loads at boot. Keep a copy of any hand-written rules elsewhere: running the generator again overwrites that file.

To see the current ipchains rules, type `ipchains -L -n` (-n turns off name resolution, so the listing appears much faster and does not hang when DNS is unreachable).
To see the current iptables rules, type `iptables -L -n` (a 2.4 kernel runs one or the other, not both at once).
To flush either ruleset, use the -F flag: `ipchains -F` or `iptables -F`. Flushing removes the rules but leaves the chain policies in place, so with the ACCEPT policies used below a flushed machine accepts everything; check with `-L -n` before trusting the result.

This is a sample /etc/sysconfig/ipchains file that I use on my machine. It accepts DNS, DHCP and SSH, rejects other new TCP connections and all other UDP, and leaves everything else to the default policies.

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

Reading it top to bottom: the three `:` lines set the default policy of each built-in chain to ACCEPT, so anything that reaches the end of the input chain without matching a rule is let in. The two `-y` ACCEPT rules admit new TCP connections (SYN packets) to port 53 and port 22. The `-s 0/0 53 ... -p udp` rule admits UDP arriving from source port 53, which is how the replies to this host's own DNS queries come back. The two DHCP rules admit UDP between ports 67 and 68 on eth0 and eth1, and the `-i lo` rule admits everything on loopback. The last two rules reject any other TCP SYN and any other UDP. Rules are tried in order and the first match decides, so the order of the ACCEPT rules before the two REJECT rules matters. Two limitations of this stateless design are worth knowing. Non-SYN TCP segments never hit the REJECT rule and fall through to the ACCEPT policy; that is what lets established connections keep working, but it also admits any crafted segment without the SYN flag. The DNS-reply rule trusts nothing but the source port, so a remote host that sends UDP from port 53 reaches any local UDP service. ICMP is not filtered at all.
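To see exactly which packets the ruleset above admits, here is an added example (not code from the original page) that parses that file format and applies ipchains' first-match semantics to a handful of constructed packets. It handles only the options the ruleset uses and is not the real ipchains parser; the addresses (192.0.2.10 as this host, 198.51.100.7 as a remote host) and the packets are made up for illustration.

```python
"""Added example (not from the original page): a first-match simulator for
the /etc/sysconfig/ipchains ruleset above.  It understands only the options
that ruleset uses (:chain POLICY, -A, -s/-d with an optional port or port
range, -p, -i, -y, -j); it is not the real ipchains parser, and all
addresses and packets are constructed for illustration."""
import ipaddress
import shlex

RULESET = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
"""
ANY_PORT = (0, 65535)


def _net(spec):
    # ipchains accepts shorthand such as "0/0"; pad the missing octets.
    addr, _, mask = spec.partition("/")
    octets = (addr.split(".") + ["0"] * 4)[:4]
    return ipaddress.IPv4Network(".".join(octets) + "/" + (mask or "32"), strict=False)


def _ports(spec):
    lo, _, hi = spec.partition(":")          # "53" or "67:68"
    return int(lo), int(hi or lo)


def parse_ruleset(text):
    """Return ({chain: policy}, [rule dict, ...]) in file order."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):             # ":input ACCEPT" sets a chain policy
            chain, policy = line[1:].split()
            policies[chain] = policy
            continue
        tok, i = shlex.split(line), 0
        r = {"chain": "", "src": _net("0/0"), "sports": ANY_PORT, "dst": _net("0/0"),
             "dports": ANY_PORT, "proto": None, "iface": None, "syn": False, "target": ""}
        while i < len(tok):
            opt = tok[i]
            if opt in ("-s", "-d"):
                side = "src" if opt == "-s" else "dst"
                r[side], i = _net(tok[i + 1]), i + 2
                if i < len(tok) and not tok[i].startswith("-"):   # optional port spec
                    r[side[0] + "ports"], i = _ports(tok[i]), i + 1
            elif opt == "-y":                                      # SYN-only match
                r["syn"], i = True, i + 1
            elif opt in ("-A", "-p", "-i", "-j"):
                key = {"-A": "chain", "-p": "proto", "-i": "iface", "-j": "target"}[opt]
                val = tok[i + 1]
                r[key], i = (val.lower() if opt == "-p" else val), i + 2
            else:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
        rules.append(r)
    return policies, rules


def packet(proto, src, dst, iface="eth0", sport=None, dport=None, syn=False):
    return {"proto": proto, "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "iface": iface, "sport": sport, "dport": dport, "syn": syn}


def _port_ok(rng, port):
    return rng == ANY_PORT or (port is not None and rng[0] <= port <= rng[1])


def matches(r, p):
    return (r["proto"] in (None, p["proto"]) and r["iface"] in (None, p["iface"])
            and p["src"] in r["src"] and p["dst"] in r["dst"]
            and _port_ok(r["sports"], p["sport"]) and _port_ok(r["dports"], p["dport"])
            and (not r["syn"] or p["syn"]))


def verdict(policies, rules, p, chain="input"):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for r in rules:
        if r["chain"] == chain and matches(r, p):
            return r["target"]
    return policies[chain]


def classify_samples():
    """Run constructed inbound packets through the ruleset; returns {name: verdict}."""
    policies, rules = parse_ruleset(RULESET)
    me, far, bcast = "192.0.2.10", "198.51.100.7", "255.255.255.255"   # constructed
    samples = {
        "ssh SYN": packet("tcp", far, me, sport=40000, dport=22, syn=True),
        "smtp SYN": packet("tcp", far, me, sport=40001, dport=25, syn=True),
        "smtp non-SYN segment": packet("tcp", far, me, sport=40001, dport=25),
        "dns reply": packet("udp", far, me, sport=53, dport=32768),
        "udp from sport 53 to portmap": packet("udp", far, me, sport=53, dport=111),
        "udp to portmap": packet("udp", far, me, sport=4000, dport=111),
        "dhcp on eth0": packet("udp", "0.0.0.0", bcast, sport=68, dport=67),
        "dhcp on eth2": packet("udp", "0.0.0.0", bcast, iface="eth2", sport=68, dport=67),
        "icmp echo": packet("icmp", far, me),
        "loopback": packet("tcp", "127.0.0.1", "127.0.0.1", iface="lo", sport=5000, dport=6000, syn=True),
    }
    return {name: verdict(policies, rules, p) for name, p in samples.items()}
```

Running `classify_samples()` shows the ssh SYN, the DNS reply, DHCP on eth0 and loopback traffic accepted and the smtp SYN, the UDP probe of portmap and DHCP on eth2 rejected, as intended. It also shows the two results a stateless ruleset gives that the author may not have wanted: the non-SYN smtp segment and the ICMP echo fall through to the ACCEPT policy, and a UDP datagram aimed at portmap is accepted as long as its source port is 53. To try a different policy, edit the RULESET string and rerun; the parser rejects any option it does not understand rather than silently ignoring it.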

While on the subject of firewall configuration, you should also look into tcp_wrappers, which is controlled by /etc/hosts.allow and /etc/hosts.deny. Do a `man hosts.allow` and `man hosts.deny` (both lead to the hosts_access(5) page, which documents the control language) to find out the configuration options. If you aren't using your system as a server, you should really think about having your default /etc/hosts.deny file like this:

ALL:ALL

This denies all incoming connections to every daemon that consults tcp_wrappers (sshd, portmap and through it NFS, services started from xinetd via tcpd, and so on). /etc/hosts.allow is checked first and a match there wins, so the services you do want reachable are listed explicitly in hosts.allow and everything else falls through to the deny-all. Without an ALL:ALL line in hosts.deny the default is to grant access, so an empty hosts.deny protects nothing. Keep in mind that tcp_wrappers only covers programs that were built to call the library, and that it decides after the packet has already passed the packet filter; it complements the ipchains rules rather than replacing them.
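The order in which the two files are consulted is the whole point of the ALL:ALL default, so here is an added example (not code from the original page, and not the tcp_wrappers library itself) that re-implements the hosts_access(5) decision: search hosts.allow, grant on a match; otherwise search hosts.deny, deny on a match; otherwise grant. The hosts.allow and hosts.deny contents, the daemon names and the client addresses are constructed for illustration, and only the common pattern forms are handled.

```python
"""Added example (not from the original page): a simplified re-implementation
of the hosts_access(5) evaluation order used by tcp_wrappers.  hosts.allow is
searched first and a match grants access; otherwise hosts.deny is searched
and a match denies; otherwise access is granted.  Only the common pattern
forms are handled (ALL, LOCAL, .domain suffix, net. prefix, net/mask, exact
host or address, and EXCEPT); the two files below are constructed samples."""
import ipaddress

HOSTS_ALLOW = """\
# constructed sample: ssh from the office LAN except one untrusted host,
# portmap from one admin box, anything from local names and example.com
sshd : 192.168.1.0/255.255.255.0 EXCEPT 192.168.1.99
portmap : 192.168.1.5
ALL : LOCAL, .example.com
"""
HOSTS_DENY = "ALL : ALL\n"


def parse_access_file(text):
    """Return [(daemon_list, client_list), ...]; handles comments and \\ continuations."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        if not line.strip():
            continue
        fields = [" ".join(f.split()) for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        entries.append((fields[0], fields[1]))   # an optional shell_command field is ignored
    return entries


def _client_matches(pattern, addr, host):
    """Match one client pattern against the peer address and its reverse name (if any)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # any host name without a dot in it
        return host is not None and "." not in host
    if pattern.startswith("."):            # host name suffix, e.g. .example.com
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # address prefix, e.g. 192.168.
        return addr.startswith(pattern)
    if "/" in pattern:                     # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr or (host is not None and pattern.lower() == host.lower())


def _list_matches(spec, item_matches):
    """'a EXCEPT b' matches whatever matches a but not b; EXCEPT nests to the right."""
    head, sep, tail = spec.partition(" EXCEPT ")
    if sep:
        return _list_matches(head, item_matches) and not _list_matches(tail, item_matches)
    return any(item_matches(tok) for tok in spec.replace(",", " ").split())


def _file_matches(entries, daemon, addr, host):
    for daemons, clients in entries:
        if (_list_matches(daemons, lambda d: d in ("ALL", daemon))
                and _list_matches(clients, lambda c: _client_matches(c, addr, host))):
            return True
    return False


def hosts_access(allow_text, deny_text, daemon, addr, host=None):
    """True if tcp_wrappers would admit this (daemon, client) pair."""
    if _file_matches(parse_access_file(allow_text), daemon, addr, host):
        return True
    if _file_matches(parse_access_file(deny_text), daemon, addr, host):
        return False
    return True                            # nothing matched anywhere: access is granted


def check_samples(deny_text=HOSTS_DENY):
    """Evaluate constructed connection attempts; returns {name: admitted}."""
    cases = {
        "ssh from LAN host": ("sshd", "192.168.1.20", None),
        "ssh from excepted LAN host": ("sshd", "192.168.1.99", None),
        "ssh from the Internet": ("sshd", "198.51.100.7", None),
        "portmap from admin box": ("portmap", "192.168.1.5", None),
        "portmap from other LAN host": ("portmap", "192.168.1.20", None),
        "telnet from a host in example.com": ("in.telnetd", "203.0.113.9", "mail.example.com"),
        "telnet, same address, no reverse name": ("in.telnetd", "203.0.113.9", None),
    }
    return {name: hosts_access(HOSTS_ALLOW, deny_text, *args) for name, args in cases.items()}
```

`check_samples()` admits ssh from the LAN (but not from the excepted host or the Internet), portmap only from the admin box, and the telnet connection only when the reverse lookup yields a name under example.com. Calling `check_samples("")`, that is with an empty hosts.deny, admits every one of them, which is the situation the ALL:ALL line exists to close. The last two cases also show why name-based patterns are weaker than address-based ones: the decision depends on reverse DNS, which the remote side's operator controls.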


Eric Thern
2002-08-27