Bug 232610 - RFE: a bit of documentation
Summary: RFE: a bit of documentation
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-firewall
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact:
Depends On:
Reported: 2007-03-16 13:14 UTC by Tony Nelson
Modified: 2013-11-06 19:33 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2013-11-06 19:33:04 UTC

Description Tony Nelson 2007-03-16 13:14:40 UTC
Description of problem:
iptables is pretty mysterious to the new administrator (me), and the clever
rules provided by system-config-securitylevel make it even more so.  It would be
good to have a bit of documentation come with system-config-securitylevel, with
a help button on its window and also a link to it in the comments it puts at the
head of /etc/sysconfig/iptables.  That documentation (probably a simple html or
text file) should point to basic iptables docs for the basic theory (Rusty's
iptables HOWTO would be good), and then should explain the rules that
system-config-securitylevel applies:

Remind users that system-config-securitylevel will overwrite any changes made to
/etc/sysconfig/iptables, but only if OK is pressed.

Link to Rusty's iptables HOWTO, but remind us of the basics:  only IP (TCP/IP,
etc) traffic is filtered by iptables -- other protocols over the network
interfaces don't go through it; traffic /to/ our IPs goes through INPUT, traffic
/to/ elsewhere goes through FORWARD, traffic /from/ our IPs goes through OUTPUT.

Explain each rule.

Explain why INPUT and FORWARD use the same rules, and suggest when the FORWARD
rules might be relaxed (eg, when bridging).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
As I said, I'm new to this.  Some of what I said may be wrong.  If you want, ask
me to write a draft, but be sure to check it carefully!

Comment 1 Thomas Woerner 2007-09-21 09:05:13 UTC
Assigning to system-config-firewall and devel.

Comment 2 Jon Stanley 2008-04-23 20:29:06 UTC
Adding FutureFeature keyword to RFEs.

Comment 3 Karel Volný 2008-09-15 12:21:46 UTC
I second this request ... I just tried to set up masquerading on eth0 for my USB (cdc-ether) toy, and I miserably failed trying to determine how to convert the simple command

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

into some sequence of mouse clicks within system-config-firewall to achieve the same effect :-(

Comment 4 Thomas Woerner 2013-11-06 19:33:04 UTC
Closing because there will not be big changes to system-config-firewall anymore.
