Bug 232610 - RFE: a bit of documentation
Product: Fedora
Classification: Fedora
Component: system-config-firewall
All Linux
medium Severity medium
Assigned To: Thomas Woerner
Keywords: FutureFeature
Reported: 2007-03-16 09:14 EDT by Tony Nelson
Modified: 2013-11-06 14:33 EST
Doc Type: Enhancement
Last Closed: 2013-11-06 14:33:04 EST
Description Tony Nelson 2007-03-16 09:14:40 EDT
Description of problem:
iptables is pretty mysterious to the new administrator (me), and the clever
rules provided by system-config-securitylevel make it even more so.  It would be
good to have a bit of documentation come with system-config-securitylevel, with
a help button on its window and also a link to it in the comments it puts at the
head of /etc/sysconfig/iptables.  That documentation (probably a simple HTML or
text file) should point to basic iptables docs for the basic theory (Rusty's
iptables HOWTO would be good), and then should explain the rules that
system-config-securitylevel applies:

Remind users that system-config-securitylevel will overwrite any changes made to
/etc/sysconfig/iptables, but only if OK is pressed.

Link to Rusty's iptables HOWTO, but remind us of the basics:  only IP (TCP/IP,
etc) traffic is filtered by iptables -- other protocols over the network
interfaces don't go through it; traffic /to/ our IPs goes through INPUT, traffic
/to/ elsewhere goes through FORWARD, traffic /from/ our IPs goes through OUTPUT.

Explain each rule.

Explain why INPUT and FORWARD use the same rules, and suggest when the FORWARD
rules might be relaxed (e.g., when bridging).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
As I said, I'm new to this.  Some of what I said may be wrong.  If you want, ask
me to write a draft, but be sure to check it carefully!
Comment 1 Thomas Woerner 2007-09-21 05:05:13 EDT
Assigning to system-config-firewall and devel.
Comment 2 Jon Stanley 2008-04-23 16:29:06 EDT
Adding FutureFeature keyword to RFEs.
Comment 3 Karel Volný 2008-09-15 08:21:46 EDT
I second this request ... I just tried to set up masquerading on eth0 for my USB (cdc-ether) toy, and I miserably failed trying to determine how to convert the simple command

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

into some sequence of mouse clicks within system-config-firewall to achieve the same effect :-(
Comment 4 Thomas Woerner 2013-11-06 14:33:04 EST
Closing because there will not be big changes to system-config-firewall anymore.
