Firewall Customization

   Choose which trusted devices and incoming services
   should be allowed for your network security
   settings.

   Trusted Devices -- Checking any of your devices
   here allows all traffic coming from that device.
   For example, if you are running a local network,
   but are connecting to the Internet via a PPP
   dialup, you could mark eth0 as trusted to allow
   any traffic coming from your local network.

   It is not recommended to enable this for devices
   that are connected to public networks, such as the
   Internet.

   Allow Incoming -- Enabling these options allows the
   specified services to pass through the firewall.
   Note that during a workstation-class installation,
   the majority of these services are not present on
   the system.

     * DHCP -- This allows DHCP queries and replies,
       and allows any network interfaces that use
       DHCP to determine their IP address. DHCP is
       normally enabled.
     * SSH -- Secure Shell (SSH) is a protocol for
       logging into and executing commands on remote
       machines. It provides secure encrypted
       communications. If you plan on accessing your
       machine remotely via SSH over a firewalled
       interface, enable this option. You need the
       openssh-server package installed for this
       option to be useful.
     * Telnet -- Telnet is a protocol for logging
       into remote machines. It is unencrypted, and
       provides little security from network snooping
       attacks. Enabling telnet is not recommended.
       You need the telnet-server package installed
       for this option to be useful.
     * WWW (HTTP) -- HTTP is the protocol used by
       Apache to serve Web pages. If you plan on
       making your Web server publicly available,
       enable this option. This option is not
       required for viewing pages locally or
       developing Web pages. You need the Apache
       package installed for this option to be
       useful.
     * Mail (SMTP) -- This allows incoming SMTP mail
       delivery. If you need to allow remote hosts to
       connect directly to your machine to deliver
       mail, enable this option. You do not need to
       enable this if you collect your mail from your
       ISP's server by POP3 or IMAP, or if you use a
       tool such as fetchmail. Note that an
       improperly configured SMTP server can allow
       remote machines to use your server to send
       spam.
     * FTP -- FTP is a protocol used for remote file
       transfer. If you plan on making your FTP
       server publicly available, enable this option.
       You need the wu-ftpd (and possibly anonftp)
       packages installed for this option to be
       useful.
     * Other ports -- You can specify that other
       ports not listed here be allowed through the
       firewall. The format to use is
       'port:protocol'. For example, if you wanted to
       allow IMAP access through your firewall, you
       can specify 'imap:tcp'. You can also specify
       numeric ports explicitly; to allow UDP packets
       on port 1234 through, specify '1234:udp'. To
       specify multiple ports, separate them by
       commas.
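
   The following is an added example, not part of the
   installer or its original help text: a small
   validator for the 'Other ports' field that checks
   each 'port:protocol' entry before it is turned into
   a firewall rule. The service table, the tcp/udp
   restriction and the function name are assumptions
   made for illustration.

```python
import re

# Constructed subset of a services table so the example runs offline
# (assumption; a real system would consult /etc/services).
KNOWN_SERVICES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25,
                  "http": 80, "pop3": 110, "imap": 143}
# Ports whose service the help text calls unencrypted and not recommended.
DISCOURAGED = {(23, "tcp"): "telnet is unencrypted; not recommended"}


def parse_other_ports(field):
    """Parse 'port:protocol[,port:protocol...]'.

    Returns (rules, errors, warnings); rules is a list of (port, proto).
    """
    rules, errors, warnings = [], [], []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing or doubled comma
        port, sep, proto = (part.strip() for part in entry.partition(":"))
        proto = proto.lower()
        if not sep or proto not in ("tcp", "udp"):
            errors.append(f"{entry}: expected port:protocol (tcp or udp)")
            continue
        if re.fullmatch(r"[0-9]{1,5}", port):
            number = int(port)  # numeric port given explicitly
        else:
            number = KNOWN_SERVICES.get(port.lower())  # service name
        if number is None or not 1 <= number <= 65535:
            errors.append(f"{entry}: unknown service or port out of range")
            continue
        rule = (number, proto)
        if rule in rules:
            continue  # drop duplicates such as 'imap:tcp,143:tcp'
        rules.append(rule)
        if rule in DISCOURAGED:
            warnings.append(f"{entry}: {DISCOURAGED[rule]}")
    return rules, errors, warnings


if __name__ == "__main__":
    # Constructed input: the two examples from the help text plus bad entries.
    print(parse_other_ports("imap:tcp, 1234:udp, telnet:tcp, 70000:tcp, 53"))
```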