Description of problem:

iptables is pretty mysterious to the new administrator (me), and the clever rules provided by system-config-securitylevel make it even more so. It would be good to have a bit of documentation come with system-config-securitylevel, with a help button on its window and also a link to it in the comments it puts at the head of /etc/sysconfig/iptables.

That documentation (probably a simple html or text file) should point to basic iptables docs for the basic theory (Rusty's iptables HOWTO would be good), and then should explain the rules that system-config-securitylevel applies:

Remind users that system-config-securitylevel will overwrite any changes made to /etc/sysconfig/iptables, but only if OK is pressed.

Link to Rusty's iptables HOWTO, but remind us of the basics: only IP (TCP/IP, etc) traffic is filtered by iptables -- other protocols over the network interfaces don't go through it; traffic /to/ our IPs goes through INPUT, traffic /to/ elsewhere goes through FORWARD, traffic /from/ our IPs goes through OUTPUT.

Explain each rule.

Explain why INPUT and FORWARD use the same rules, and suggest when the FORWARD rules might be relaxed (eg, when bridging).

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.6.27-1.i386

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
As I said, I'm new to this. Some of what I said may be wrong. If you want, ask me to write a draft, but be sure to check it carefully!

Assigning to system-config-firewall and devel.
Adding FutureFeature keyword to RFEs.
I second this request ... I just tried to set up masquerading on eth0 for my USB (cdc-ether) toy, and I miserably failed trying to determine how to convert the simple command

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

into some sequence of mouse clicks within system-config-firewall to achieve the same effect :-(
Closing because there will not be big changes to system-config-firewall anymore.