Fedora Core comes with a 2.6 kernel, which comes in turn with iptables. Some other distributions require you to use your own way of loading rules on boot (for example, a script), but Fedora Core comes with an easy way to do it. Note that the way I’m going to describe is not compatible with the simple firewall GUI launched via:
$ system-config-securitylevel
The two ways are mutually exclusive: you can either use the simple GUI above and not touch iptables directly, or leave the GUI alone and manually use your beloved iptables. It is the latter way I’m describing here.
First, simply add your rules via the iptables command as you would do on any other distribution.
When you’re done, and want to save the current rules, use this:
# service iptables save
And you’re done!
If you were wondering about the service command, this is the way Red Hat distributions let you simply manipulate the /etc/init.d/ scripts. There’s also chkconfig to change the runlevels at which given services will start or stop, that is, adding or removing /etc/rc?.d/ scripts. But this is another story! (Probably in a later post.)
Now back to the service command. You can replace save above with:
status: to list current rules and a couple of statistics
panic: to temporarily block all internet traffic (if you’re under heavy attack, yay!)
restart: to reload previously saved settings and lose current ones
condrestart: to restart only if the firewall was previously activated (that is, doesn’t do anything if iptables is stopped)
stop: to disable the firewall
start: to… huh :)
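Since restart reloads the saved settings and loses the current ones, it helps to know whether the running rules were ever saved. The script below is an added example, not part of the original post; it assumes that service iptables save writes to /etc/sysconfig/iptables (overridable through the hypothetical SAVED_RULES variable), and its function names are made up for illustration.

```shell
#!/bin/sh
# Added example: detect firewall rules that were changed but never saved.
# Assumption: "service iptables save" stores rules in /etc/sysconfig/iptables.
SAVED_RULES="${SAVED_RULES:-/etc/sysconfig/iptables}"

# Reduce an iptables-save dump (read on stdin) to the rules themselves:
# drop the timestamp comments and the [packets:bytes] counters, which
# change constantly and would make every comparison look like a difference.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9]*:[0-9]*\]//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d'
}

# rules_differ DUMP_A DUMP_B
# Returns 0 if the two dumps describe different rules, 1 if they match.
rules_differ() {
    a=$(normalize_rules < "$1")
    b=$(normalize_rules < "$2")
    [ "$a" != "$b" ]
}

# Compare the live ruleset with the saved file. Needs root for iptables-save.
# Returns 0 if they match, 1 if unsaved changes exist, 2 on error.
check_unsaved() {
    tmp=$(mktemp) || return 2
    iptables-save > "$tmp" || { rm -f "$tmp"; return 2; }
    if rules_differ "$tmp" "$SAVED_RULES"; then
        echo "Running rules differ from $SAVED_RULES; a restart would discard them."
        status=1
    else
        echo "Running rules match $SAVED_RULES."
        status=0
    fi
    rm -f "$tmp"
    return $status
}

# Only touch the live firewall when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    check_unsaved
fi
```

Run it as root with --check before a restart or a reboot; an exit status of 1 means there are rules that have not been saved yet.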