disabling the "firewall" fedora core 3 installs by default

[showe]

hello,

I have looked about a bit to try to find documentation that explains how the default firewall is set up .
I need to know where the config. files are, how to configure them etc. etc.

Actually, the reason why I wanted to know this was to switch the DARN THING off.

I normally write my own script, save it as "firewall" or something like that in the directory /etc/init.d/rc.d/
and add it to my run level.

The result of doing this was that the firewall was overwritten by whatever the gnome-firewall script does during boot up.
When I restarted my firewall, then everything (firewall and masq) worked fine, until I reboot again of course.

I treid disabling various services, but nothing made any difference, and I could not locate any documentation on the gnome-firewall, so I took to guessing at a few strategies instead (reminds me of win 95 at this point).

Anyway, to cut a long story short , I solved the problem by cutting and pasting the firewall script to the file /etc/rc.d/rc.local instead.

I'd like to know why the firewall didn't work before doing this.
Anyone got any ideas/info on this (useless) gnome-firewall so i can try to work out what was going on before I fixed the problem ?

[bytesniper]

the firewall is actually iptables. if you type service iptables stop from a console it will stop. to keep it off when rebooting you can type chkconfig iptables off.

if you want to learn more about iptables, how it works, and how to configure it there is an excellent guide here.

hope this helps

[showe]

I had turned on the auto firewall using the gnome wizard during install.
I noticed before I reset the level in this wizard to "no firewall", there was a reference to a chain that had been auto-created during the execution of this wizard.

I understand quite well how to get the iptables commands to work, my problem is where the commands need to be put to turn them into something that will stop and start everytime i need them to and will also swich on automaticaly when I boot.

where is the "firewall" stored ?
how do I customize entries in it in a text editor ( I hate "wizards")?

I also had tried overwriting the "iptables" script in the /etc/rc.d/init.d/ directory with my custom firewall, but it still did not work as i needed after rebooting.It only worked as expected when I added the iptables commands to my/etc/rc.d/rc.local file.

[kg4cbk]

The file you want to modify is /etc/sysconfig/iptables. That file is used at start time. bytesniper already described how to start/stop/turn on/off iptables at boot time using chkconfig. You can also use the

service iptables start/stop/status

command to do this after you have booted. Spend a little time reading up on how to use iptables directly instead of hacking your system init files. It is relatively straight forward and will be consistent on any box you get on. Doing things as you described will only work on your system and as you found could have unexpected problems with the system fighting you to control a particular service.

[neoaeon]

the stock iptables init script has a feature called "save", which will save currently running rules. (kinda like `copy running start` in IOS).

You can run your script, get iptables running the way you want, then use `/etc/init.d/iptables save`, and it will preserve the current config for the next reboot.

-neo