The right way to use iptables under Fedora Core

Fedora Core comes with a 2.6 kernel, which in turn comes with iptables. Some other distributions leave it to you to load your rules at boot (for example, with your own script), but Fedora Core comes with an easy way to do it. Note that the method I’m going to describe is not compatible with the simple firewall GUI launched via:

user$ system-config-securitylevel

The two ways are mutually exclusive: you can either use the simple GUI above and not touch iptables directly, or leave the GUI alone and manually use your beloved iptables. The latter is the way I’m describing here.

First, simply add your rules via the iptables command as you would do on any other distribution.
When you’re done and want to save the current rules, use this:

root# service iptables save

And you’re done!
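A minimal run of the procedure above, as an added example that is not part of the original post: it flushes INPUT, allows loopback, established traffic and new SSH connections, sets the default policy to DROP last so a remote session is not cut off halfway, then saves with service iptables save. The SSH port (22), the function names and the apply argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: SSH listens on tcp/22; "apply" is this script's own argument.

# Emit the iptables commands, one per line, in the order they must run.
# The policy is opened before the flush and closed only after the accept
# rules exist, so an admin connected over SSH is never locked out mid-run.
ruleset() {
    cat <<'EOF'
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
EOF
}

# Execute each command; stop at the first failure so a half-built
# ruleset is never saved.
apply_ruleset() {
    ruleset | while read -r cmd; do
        $cmd || exit 1
    done
}

# "sh firewall.sh apply" (as root) loads the rules, saves them so they
# survive a reboot, and lists the result. Anything else is a dry run.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset && service iptables save && service iptables status
else
    ruleset
fi
```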

If you were wondering about the service command, this is the way Red Hat distributions let you simply manipulate the /etc/init.d/ scripts. There’s also chkconfig to change the runlevels at which given services start or stop, that is, to add or remove /etc/rc?.d/ scripts. But this is another story! (Probably in a later post.)

Now back to the service command. You can replace save above with:

  • status, to list current rules and a couple of statistics
  • panic, to temporarily block all internet traffic (if you’re under heavy attack, yay!)
  • restart, to reload previously saved settings and lose current ones
  • condrestart, to restart only if the firewall was previously activated (that is, it doesn’t do anything if iptables is stopped)
  • stop, to disable the firewall
  • start, huh 🙂