The problem is not that my /etc/sysconfig/iptables is wrong.
The file is correct, and it works correctly. The problem is that iptables
starts incorrectly at boot time. In order to start my iptables, I have to stop
the iptables launched during the boot process and restart them again. A quick
workaround, which I think may fix crab-com's problem, is to add
to the end of /etc/rc.local
As far as I understand, the programs shorewall and firestarter are actually
frontends to iptables rules. They modify the file /etc/sysconfig/iptables.
Do they modify the start-up scripts as well?
When I started a fresh FC6, I noticed that all ports were closed.
The FC6 installation process put nothing in /etc/sysconfig/iptables.
Is it a documented "feature" to block everything unless you disable
iptables? Or did I miss something in the installation process? Or do the
startup files at boot time use not the rules in /etc/sysconfig/iptables but rules
defined in some other file?
Although shorewall and firestarter may be useful for a custom firewall
setup, we need to figure out how to use a user-supplied /etc/sysconfig/iptables,
because using specific iptables rules may be mandated by a corporate policy:
either you put the file with these iptables rules in place, or we will block
your IP address.
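An added check for the question above (whether the rules active after boot are really the ones in /etc/sysconfig/iptables); this is my own script, not something posted in the thread. The FC6 iptables init script loads that file with iptables-restore, so if the live ruleset differs from the file, something else (rc.local, a frontend such as shorewall or firestarter, or another file) changed the rules after boot. The script compares the output of iptables-save with the file after stripping the parts that legitimately differ (the "# Generated by" comment lines and the [packets:bytes] counters). The sample rulesets written below are constructed for the demo, the function names are my own, and the --live mode needs root because it runs iptables-save.

```shell
#!/bin/sh
# Added example: compare the kernel's live iptables ruleset with the saved
# file the init script is supposed to have loaded. Not from the original thread.

# Strip what may differ between the on-disk file and a live iptables-save dump:
# comment lines, "[pkts:bytes]" counters on chain policy lines and on rules
# saved with -c, trailing whitespace, and blank lines.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[A-Za-z0-9_-]* [A-Z-]*\) \[[0-9]*:[0-9]*\]$/\1/' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# rules_match SAVED LIVE: return 0 if both rulesets are equal after normalization.
# Temp files are used instead of <(...) so this also runs under plain POSIX sh.
rules_match() {
    a=$(mktemp) ; b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    if diff "$a" "$b" > /dev/null; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

# check_live_ruleset [SAVED_FILE]: dump the kernel rules with iptables-save
# (root required) and report whether they match the saved file.
check_live_ruleset() {
    saved=${1:-/etc/sysconfig/iptables}
    live=$(mktemp)
    if ! iptables-save > "$live" 2>/dev/null; then
        echo "iptables-save failed (are you root?)" >&2
        rm -f "$live"; return 2
    fi
    if rules_match "$saved" "$live"; then
        echo "OK: running rules match $saved"; rc=0
    else
        echo "MISMATCH: running rules differ from $saved (< file, > live):"
        a=$(mktemp) ; b=$(mktemp)
        normalize_rules "$saved" > "$a"; normalize_rules "$live" > "$b"
        diff "$a" "$b" || true
        rm -f "$a" "$b"; rc=1
    fi
    rm -f "$live"; return $rc
}

# Constructed sample rulesets (not real system output) for an offline demo.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/saved" <<'EOF'
# Generated by iptables-save v1.3.5 (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed
EOF
# Same rules as loaded by iptables-restore: only counters and comments differ.
cat > "$SAMPLE_DIR/live_same" <<'EOF'
# Generated by iptables-save v1.3.5 (constructed sample, later timestamp)
*filter
:INPUT DROP [99:1234]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [512:40960]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
# A rule that is not in the saved file was added after boot.
cat > "$SAMPLE_DIR/live_extra" <<'EOF'
*filter
:INPUT DROP [99:1234]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [512:40960]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

demo() {
    for live in live_same live_extra; do
        if rules_match "$SAMPLE_DIR/saved" "$SAMPLE_DIR/$live"; then
            echo "$live: matches saved"
        else
            echo "$live: differs from saved"
        fi
    done
}

# Default: run the offline demo. "--live [FILE]" compares the real ruleset.
case "${1:-}" in
    --live) check_live_ruleset "${2:-/etc/sysconfig/iptables}" ;;
    *) demo ;;
esac
```

Running it without arguments prints that live_same matches and live_extra differs; `sh check_rules.sh --live` as root shows the actual diff between the kernel and the file, which is the quickest way to see whether the boot-time start, the rc.local workaround, or a frontend is what really set the rules.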