Lokkit is an attempt to provide firewalling for the average Linux end user. Instead of having to configure firewall rules, the Lokkit program asks a small number of simple questions and writes a firewall rule set for you.
Lokkit is not designed to configure arbitrary firewalls. To make it simple to understand, it is solely designed to handle typical dialup user and cable modem setups. It is not the answer to a complex firewall configuration, and it is not the equal of an expert firewall designer.
There are two basic configuration settings you can choose. The high security option blocks all incoming connections to your machine except for a few basic services you get to select. This gives maximum coverage for security but will stop IRC DCC and ICQ working without proxies. It will also affect FTP and RealAudio, although these can be set up to work in this mode via the preferences dialogs.
The low security mode screens only system services, including your X Windows sessions and NFS, from the outside world. This will not generally interfere with other facilities such as ICQ and RealAudio.
If you have other machines attached to an ethernet (for example a home LAN) you will be offered the chance to 'trust' this network. This means the firewall rules will not be applied when machines on your home network are talking to your Linux server. Linux will however apply the same protection to machines on this ethernet as to itself.
This is most common in an office environment or with a cable modem connection. You should say no when asked if you wish to trust your cable modem ethernet. If you have a second ethernet for your home network you may wish to 'trust' this so that your own machines can use your server unhindered.
FTP has two modes of operation, one of which is firewall friendly. Modern FTP clients tend to support the friendly mode (called 'Passive Mode'). Netscape automatically used passive mode. The command line ftp client will use it if run as "pftp" not "ftp", and the ncftp client as "ncftp -P".
RealAudio defaults to using UDP, which is hard to firewall. If you bring up your RealAudio preferences you can change the stream type to 'TCP'. This will allow you to continue to use the RealAudio service.
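The following Python sketch is an added example, not part of Lokkit or the rule set it writes. It models the high security mode as a simplified stateless filter to show why active FTP and UDP streams are blocked while passive FTP and TCP streams pass, and what trusting an interface changes. The interface names (ppp0, eth1), the port numbers and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str                # interface the packet crosses, e.g. "ppp0"
    direction: str            # "in" or "out", relative to this machine
    proto: str                # "tcp" or "udp"
    dport: int                # destination port
    opens_conn: bool = False  # TCP only: first packet of a new connection (SYN)

def high_security_verdict(pkt, allowed, trusted):
    """Simplified stateless model of high security mode (assumed, not Lokkit's rules)."""
    if pkt.iface in trusted:
        return "accept"       # rules are not applied on a trusted network
    if pkt.direction == "out":
        return "accept"       # assumed: connections this machine opens are not blocked
    if (pkt.proto, pkt.dport) in allowed:
        return "accept"       # a service the user selected
    if pkt.proto == "tcp" and not pkt.opens_conn:
        return "accept"       # reply traffic on a connection opened from inside
    return "deny"             # new inbound TCP, and all other inbound UDP

def demo():
    allowed = {("tcp", 22)}   # constructed: the user selected one service
    trusted = {"eth1"}        # constructed: home LAN is trusted, ppp0 is not
    flows = {
        # Active FTP: the server opens the data connection back to the client.
        "ftp_active_data": Packet("ppp0", "in", "tcp", 40001, opens_conn=True),
        # Passive FTP: the client opens the data connection itself ...
        "ftp_passive_data": Packet("ppp0", "out", "tcp", 50123, opens_conn=True),
        # ... and the server's packets arrive as replies on that connection.
        "ftp_passive_reply": Packet("ppp0", "in", "tcp", 40002),
        # UDP has no connection-opening flag, so an inbound stream looks unsolicited.
        "stream_udp": Packet("ppp0", "in", "udp", 6970),
        # The same stream over TCP arrives as replies to an outbound connection.
        "stream_tcp_reply": Packet("ppp0", "in", "tcp", 40003),
        "selected_service": Packet("ppp0", "in", "tcp", 22, opens_conn=True),
        "nfs_from_internet": Packet("ppp0", "in", "tcp", 2049, opens_conn=True),
        "nfs_from_home_lan": Packet("eth1", "in", "tcp", 2049, opens_conn=True),
    }
    return {name: high_security_verdict(p, allowed, trusted) for name, p in flows.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```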
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.