Activating the Firewall

Clicking Finish on the Activate the Firewall page will write the firewall rules to /etc/sysconfig/ipchains and start the firewall by starting the ipchains service.

It is highly recommended that you run GNOME Lokkit from the machine, not from a remote X session. If you disable remote access to your system, you will no longer be able to access it or disable the firewall rules.

Click Cancel if you do not want to write the firewall rules.

Mail Relay

A mail relay is a system that allows other systems to send email through it. If your system is a mail relay, someone can possibly use it to spam others from your machine.

If you chose to enable mail services, after you click Finish on the Activate the Firewall page, you will be prompted to check for mail relay. If you choose Yes to check for mail relay, GNOME Lokkit will attempt to connect to the Mail Abuse Prevention System website at http://www.mail-abuse.org/ and run a mail relay test program. The results of the test will be displayed when it is finished. If your system is open to mail relay, it is highly recommended that you configure Sendmail to prevent it.

Activating the ipchains Service

The firewall rules will only be active if the ipchains service is running. To manual start the service, use the command:

/sbin/service ipchains restart

To ensure that it is started when the system is booted, issue the command:

/sbin/chkconfig --level 345 ipchains on

TipTip
 

You can also use Serviceconf to activate ipchains. See the section called Serviceconf in Chapter 8.