Fedora Core comes with a 2.6 kernel, which in turn comes with iptables. Some other distributions require you to find your own way of loading rules on boot (for example, a script), but Fedora Core comes with an easy way to do it. Note that the method I’m going to describe is not compatible with the simple firewall GUI launched via:

$ system-config-securitylevel

The two approaches are mutually exclusive: you can either use the simple GUI above and not touch iptables directly, or leave the GUI alone and manually use your beloved iptables. The latter is the way I’m describing here.

First, simply add your rules via the iptables command as you would do on any other distribution.
When you’re done, and want to save the current rules, use this:

# service iptables save

And you’re done!
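As an added check (not part of the original post): `service iptables save` writes the rules in iptables-save format to /etc/sysconfig/iptables, and that file is what gets loaded at boot and on restart. The function below audits such a ruleset on stdin; the baseline it checks (default-deny INPUT, ESTABLISHED accepted, SSH on tcp/22 reachable), the function names and the sample ruleset are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a ruleset in iptables-save format read from stdin.
# The baseline it enforces is an assumption of this example, not the post's.

# Prints one finding per line; exit status is the number of findings (0 = clean).
audit_saved_rules() {
    awk '
        /^\*/     { table = substr($0, 2); next }       # "*filter" opens a table
        /^COMMIT/ { committed[table] = 1; next }        # COMMIT closes the table
        table != "filter" { next }                      # only the filter table is audited
        /^:/      { policy[substr($1, 2)] = $2; next }  # ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) est = 1
            if ($0 ~ /-p tcp/ && $0 ~ /--dport 22( |$)/) ssh = 1
        }
        END {
            n = 0
            if (!committed["filter"]) { print "filter table has no COMMIT line (truncated file?)"; n++ }
            if (policy["INPUT"] != "DROP") { print "INPUT policy is " policy["INPUT"] ", not DROP"; n++ }
            if (!est) { print "no ACCEPT rule for ESTABLISHED traffic on INPUT"; n++ }
            if (!ssh) { print "no ACCEPT rule for tcp/22 on INPUT (remote lockout risk)"; n++ }
            exit n
        }
    '
}

# Constructed sample of what a saved ruleset looks like (not from a real host).
sample_saved_rules() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Demo: the sample forgets SSH, so one finding is reported.
sample_saved_rules | audit_saved_rules || echo "findings: $?"
```

On a real host, run `audit_saved_rules < /etc/sysconfig/iptables` as root after saving and before the next restart or reboot.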

If you were wondering about the service command, this is the way Red Hat distributions let you easily manipulate the /etc/init.d/ scripts. There’s also chkconfig to change the runlevels at which given services will start or stop, that is, to add or remove /etc/rc?.d/ scripts. But this is another story! (Probably in a later post.)

Now back to the service command. You can replace save above with:

  • status to list current rules and a couple of statistics
  • panic to temporarily block all internet traffic (if you’re under heavy attack, yay!)
  • restart to reload previously saved settings and lose current ones
  • condrestart to restart only if the firewall was previously activated (that is, it does nothing if iptables is stopped)
  • stop to disable the firewall
  • start to… huh :)