Default firewall rules...

[Zigzagcom]

Over the last few weeks I have been teaching myself iptables. Lately I have been trying to find the source of the default firewall rules/configuration for Fedora Core.
Here it is:
Within the "system-config-securitylevel-1.6.16-1.i386.rpm_FILES", (which I extracted), is the script /system-config-securitylevel-1.6.16-1.i386.rpm_FILES/usr/share/system-config-securitylevel/system-config-securitylevel.py,
which points to /usr/sbin/lokkit. Viewing the file in "mc", I finally found the source.

Now I know, and thought I'd share my insignificant discovery with those that may have wondered too.

[brandor]

Aren't the default rules stored in a script in /etc/sysconfig?

[Zigzagcom]

No, /etc/sysconfig/iptables is just a place holder. That is what drove me up the wall, trying to find the exact source of the rules. These rules are hard coded.
You could try an experiment. Make a backup, disable the firewall, flush iptables, rename /etc/sysconfig/iptables to whatever (or even delete it), then re-boot. Make sure that iptables doesn't run as a service on startup. After the re-boot, look for the iptables file. Then run system-config-securitylevel and enable the firewall again. Iptables is back, with the default rules. You can restore the old firewall rules from the backup.

[jcliburn]

Interesting. Good sleuthing. I'm curious whether running system-config-securitylevel and making *any* change to the firewall from the gui would invoke lokkit to rewrite the default /etc/sysconfig/iptables, then add whatever customization I specified in the gui. This would be *bad*, because I always hand customize my /etc/sysconfig/iptables directly without using the gui. Do you know if it works that way?

[Zigzagcom]

Yes, that is exactly what happens, and there are quite a few warnings about doing hand edits or using other tools to manipulate the firewall and then using the Fedora config tool thereafter. The same can be said about system-config-httpd