
create a firewall on redhat

Status
Not open for further replies.

farley99

MIS
Feb 12, 2003
413
US
If I make a file called /etc/rc.d/rc.fw with my firewall rules do I still need iptables?
 
What were you intending to put in the rc.fw file? Normally this would be iptables commands.

There is a firewall tool in RedHat now. You can use lokkit or you can use the Security Level Configuration tool that is under System Settings, Security Level. But both of these still just build iptables.


pansophic
 
What is the difference between using rc.fw and iptables-restore?
 
I've only seen the rc.fw on the Linux floppy fw. You should find an iptables script in /etc/rc.d/init.d/, which is where RedHat normally applies the rules. But again, I'd iterate that the rc.fw files that I have seen just have iptables (or ipchains) commands in a shell script that gets run on boot. The init.d scripts have an advantage in that you can specify whether or not they are started or killed for any given run level. If you switch run levels using the init command, the rules can be turned off automatically.

Your configuration information should be stored in /etc/sysconfig/iptables. This is a flat file that just contains the options for an iptables command. One rule per line.

I've never used iptables-restore, but it looks as if it will read rules out of a flat file, and put those rules in place. The man pages are thin, and I don't have the HOWTOs installed to verify. One advantage of restore is that it automatically flushes prior to creating rules. Using iptables, you have to flush first, then install your ruleset.


pansophic
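
Added example, not part of the original thread or any poster's code: it converts an rc.fw-style script of `iptables` commands into the flat rules-file format that `iptables-restore` reads, so the two approaches discussed above can be compared side by side. The function names and the sample rules are constructed for illustration, and only the filter table with `-F`, `-P` and `-A` is handled.

```shell
#!/bin/sh
# Constructed rc.fw-style input: plain iptables commands, as a boot script would run them.
sample_rc_fw() {
cat <<'EOF'
# flush, then default-deny inbound
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# Read iptables commands on stdin, write an iptables-restore rules file on stdout.
# Filter table only. A line that cannot be translated faithfully makes the whole
# conversion fail (exit 1, no output) instead of silently dropping a rule.
to_restore_format() {
  awk '
    function reject() { print "cannot translate: " $0 > "/dev/stderr"; bad = 1 }
    BEGIN { pol["INPUT"] = pol["FORWARD"] = pol["OUTPUT"] = "ACCEPT"; n = 0 }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    $1 !~ /iptables$/ { reject(); next }
    $2 == "-F" && n == 0 { next }                 # leading flush: restore flushes on load
    $2 == "-P" && ($3 in pol) { pol[$3] = $4; next }
    $2 == "-A" { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); rules[n++] = $0; next }
    { reject() }                                  # -t, -I, -N, -D, mid-script -F, ...
    END {
      if (bad) exit 1
      print "*filter"
      print ":INPUT " pol["INPUT"] " [0:0]"
      print ":FORWARD " pol["FORWARD"] " [0:0]"
      print ":OUTPUT " pol["OUTPUT"] " [0:0]"
      for (i = 0; i < n; i++) print rules[i]
      print "COMMIT"
    }
  '
}

# Stand-alone run: print the converted sample. To apply a converted file (as root):
#   to_restore_format < /etc/rc.d/rc.fw > rules && iptables-restore < rules
sample_rc_fw | to_restore_format
```
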
 