Fedora Core comes with a 2.6 kernel, which comes in turn with iptables. Some other distributions require you to use your own way of loading rules on boot (for example, a script), but Fedora Core comes with an easy way to do it. Note that the way I’m going to describe is not compatible with the simple firewall GUI launched via:
$ system-config-securitylevel
Both ways are mutually exclusive: you can either use the simple GUI above and not touch iptables directly, or leave the GUI alone and manually use your beloved iptables. It is the latter way I’m describing here.
First, simply add your rules via the iptables command as you would do on any other distribution.
When you’re done, and want to save the current rules, use this:
# service iptables save
And you’re done!
If you were wondering about the service command, this is the way Red Hat distributions let you simply manipulate the /etc/init.d/ scripts. There’s also chkconfig to change the runlevels at which given services will start or stop, that is, adding or removing /etc/rc?.d/ scripts. But this is another story! (Probably in a later post.)
Now back to the service command. You can replace save above with:
status to list current rules and a couple of statistics
panic to temporarily block all internet traffic (if you’re under heavy attack, yay!)
restart to reload previously saved settings and lose current ones
condrestart to restart only if the firewall was previously activated (that is, doesn’t do anything if iptables is stopped)
stop to disable the firewall
start to… huh :)
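
Since restart discards every rule added after the last save, it is worth checking what is unsaved before running it. The script below is an added example, not part of the original post: it lists rules present in the running firewall but missing from the saved file, assuming that file is /etc/sysconfig/iptables; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: list running rules that "service iptables restart" would drop.
# Assumption: saved rules are in /etc/sysconfig/iptables (Red Hat default).
# Limitation: line-based comparison; rule order and table context are ignored.

# Drop timestamp comments and zero the packet/byte counters, which differ
# between two dumps of an otherwise identical ruleset.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# unsaved_rules SAVED_FILE < running dump: print lines missing from SAVED_FILE.
unsaved_rules() {
    saved_tmp=$(mktemp) || return 2
    normalize_rules < "$1" > "$saved_tmp"
    normalize_rules | grep -F -x -v -f "$saved_tmp" || true
    rm -f "$saved_tmp"
}

# Constructed sample dumps (not real output) so the check runs without root.
demo_unsaved() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/saved" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    cat > "$dir/running" <<'EOF'
# Generated by iptables-save (constructed sample, later timestamp)
*filter
:INPUT DROP [41:2870]
:OUTPUT ACCEPT [953:88210]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    unsaved_rules "$dir/saved" < "$dir/running"
    rm -rf "$dir"
}

# As root, pass --live to compare the kernel's rules; otherwise run the demo.
if [ "${1:-}" = "--live" ]; then
    iptables-save | unsaved_rules /etc/sysconfig/iptables
else
    demo_unsaved
fi
```

Empty output means the running rules are all in the saved file; any line printed is a rule to save first or to let go deliberately.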