Red Hat Bugzilla – Bug 232610
RFE: a bit of documentation
Last modified: 2013-11-06 14:33:04 EST
Description of problem:
iptables is pretty mysterious to the new administrator (me), and the clever
rules provided by system-config-securitylevel make it even more so. It would be
good to have a bit of documentation come with system-config-securitylevel, with
a help button on its window and also a link to it in the comments it puts at the
head of /etc/sysconfig/iptables. That documentation (probably a simple HTML or
text file) should point to basic iptables docs for the basic theory (Rusty's
iptables HOWTO would be good), and then should explain the rules that
Remind users that system-config-securitylevel will overwrite any changes made to
/etc/sysconfig/iptables, but only if OK is pressed.
Link to Rusty's iptables HOWTO, but remind us of the basics: only IP (TCP/IP,
etc) traffic is filtered by iptables -- other protocols over the network
interfaces don't go through it; traffic /to/ our IPs goes through INPUT, traffic
/to/ elsewhere goes through FORWARD, traffic /from/ our IPs goes through OUTPUT.
Explain each rule.
Explain why INPUT and FORWARD use the same rules, and suggest when the FORWARD
rules might be relaxed (e.g., when bridging).
As I said, I'm new to this. Some of what I said may be wrong. If you want, ask
me to write a draft, but be sure to check it carefully!
Assigning to system-config-firewall and devel.
Adding FutureFeature keyword to RFEs.
I second this request ... I just tried to set up masquerading on eth0 for my USB (cdc-ether) toy, and I miserably failed trying to determine how to convert the simple command
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
into some sequence of mouse clicks within system-config-firewall to achieve the same effect :-(
Closing because there will not be big changes to system-config-firewall anymore.