User guide

Chapter 2. Securing Your Network
2.5.2.5. Saving the Settings
Click OK to save the changes and enable or disable the firewall. If Enable firewall was selected, the selected options are translated into iptables rules and written to the /etc/sysconfig/iptables file. The iptables service is also started, so the firewall is active immediately after the options are saved. If Disable firewall was selected, the /etc/sysconfig/iptables file is removed and the iptables service is stopped immediately.
The selected options are also written to the /etc/sysconfig/system-config-firewall file so
that the settings can be restored the next time the application is started. Do not edit this file by hand.
Even though the firewall is activated immediately, the iptables service is not configured to start
automatically at boot time. Refer to Section 2.5.2.6, “Activating the IPTables Service” for more
information.
2.5.2.6. Activating the IPTables Service
The firewall rules are only active while the iptables service is running. To start the service manually (or, if it is already running, to flush the current rules and reload the saved ones), use the following command:
[root@myServer ~] # service iptables restart
To ensure that iptables starts when the system is booted, use the following command:
[root@myServer ~] # chkconfig --level 345 iptables on
2.5.3. Using IPTables
The first step in using iptables is to start the iptables service. Use the following command to start
the iptables service:
[root@myServer ~] # service iptables start
Note
The ip6tables service can be turned off if you intend to use the iptables service only. If you
deactivate the ip6tables service, remember to deactivate the IPv6 network also. Never leave a
network device active without the matching firewall.
To force iptables to start by default when the system is booted, use the following command:
[root@myServer ~] # chkconfig --level 345 iptables on
This forces iptables to start whenever the system is booted into runlevel 3, 4, or 5.
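The two steps above (start the service now, enable it for runlevels 3, 4 and 5) are easy to get half right: the firewall can be up today and silently absent after the next reboot. The following script is an added example, not part of the Red Hat guide. It parses the `chkconfig --list iptables` line (the sample line in the comment is constructed), classifies the host as running-and-enabled, running-but-not-at-boot, or stopped, and applies the chkconfig command from the text when the boot step is missing. It assumes the RHEL service and chkconfig tools and the exit-code behaviour of `service iptables status` (non-zero when the firewall is stopped); the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide. Verifies that the firewall is
# active now AND will come back at boot: rules in /etc/sysconfig/iptables only
# apply while the iptables service runs, and chkconfig decides whether the
# service starts in runlevels 3, 4 and 5.

# Return 0 when every runlevel in $2 (default "3 4 5") is "on" in a line of
# `chkconfig --list iptables` output, which looks like (constructed sample):
#   iptables   0:off  1:off  2:on  3:on  4:on  5:on  6:off
chkconfig_line_enabled() {
    levels=${2:-"3 4 5"}
    set -- $1                        # split on whitespace: name, then N:state fields
    if [ $# -gt 0 ]; then shift; fi  # drop the service name
    for lvl in $levels; do
        found=no
        for field in "$@"; do
            if [ "$field" = "$lvl:on" ]; then found=yes; fi
        done
        [ "$found" = yes ] || return 1
    done
    return 0
}

# Classify the boot state; prints one of
#   ok            running now and enabled for runlevels 3/4/5
#   not-at-boot   running now, but will not start at boot
#   stopped       not running now (a rules file on disk is not loaded)
# $1 = "running" or "stopped" (from `service iptables status`),
# $2 = the `chkconfig --list iptables` line.
firewall_state() {
    if [ "$1" != running ]; then
        echo stopped
    elif chkconfig_line_enabled "$2"; then
        echo ok
    else
        echo not-at-boot
    fi
}

# Live check; runs only where the RHEL tools exist, so the functions above can
# still be exercised (and tested) on any POSIX shell.
if command -v chkconfig >/dev/null 2>&1 && command -v service >/dev/null 2>&1; then
    if service iptables status >/dev/null 2>&1; then now=running; else now=stopped; fi
    listing=$(chkconfig --list iptables 2>/dev/null || true)
    state=$(firewall_state "$now" "$listing")
    echo "iptables: $state"
    if [ "$state" = not-at-boot ]; then
        chkconfig --level 345 iptables on   # the fix the guide describes
    fi
    [ -f /etc/sysconfig/iptables ] || echo "warning: /etc/sysconfig/iptables missing; nothing will be loaded at boot"
fi
```

Run it as root after saving settings in the firewall tool; a result of "stopped" means the rules on disk are not in effect, and "not-at-boot" means they will vanish at the next reboot.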
2.5.3.1. IPTables Command Syntax
The following sample iptables command illustrates the basic command syntax:
[root@myServer ~] # iptables -A <chain> -j <target>
The -A option appends the rule to the end of <chain>; the -j option names the <target>, the action taken when a packet matches the rule (a built-in target such as ACCEPT, DROP or REJECT, or a user-defined chain). As written, with no match options, such a rule matches every packet that traverses <chain>. A chain is an ordered list of rules, and is therefore also known as a ruleset; a packet is tested against each rule in order until one matches, and a packet that matches none is handled by the chain's default policy.
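The syntax above is easiest to see against a saved ruleset. The following script is an added example, not code from the Red Hat guide: it parses a file in the format that system-config-firewall writes to /etc/sysconfig/iptables (the iptables-save format), lists the rules appended to each chain in evaluation order, and checks the one thing the -A/-j form hides, namely what happens to a packet that matches no rule. The sample ruleset embedded in it is constructed (modelled on the default RHEL 6 ruleset) and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide. Reads a ruleset in the format
# that system-config-firewall writes to /etc/sysconfig/iptables (iptables-save
# format) and answers what the -A/-j syntax raises: which rules are appended
# to a chain, in what order, and what happens to a packet matching none.

# Constructed sample, modelled on the default RHEL 6 ruleset.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Print the rules appended (-A) to chain $2 in the filter table of file $1,
# in evaluation order.
chain_rules() {
    awk -v chain="$2" '/^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == chain' "$1"
}

# Number of rules in the chain.
rule_count() {
    chain_rules "$1" "$2" | wc -l | tr -d ' '
}

# Default policy of a built-in chain: the ":CHAIN POLICY [pkts:bytes]" line.
chain_policy() {
    awk -v chain="$2" '/^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == (":" chain) { print $2 }' "$1"
}

# Return 0 when a packet that matches no rule in the chain is denied: either
# the policy is DROP/REJECT, or the last rule is an unconditional DROP/REJECT
# (a bare "-A CHAIN -j TARGET" with no match options). The stock ruleset
# relies on the latter: delete that final REJECT and the ACCEPT policy leaves
# every unmatched port open.
chain_is_closed() {
    case "$(chain_policy "$1" "$2")" in
        DROP|REJECT) return 0 ;;
    esac
    last=$(chain_rules "$1" "$2" | tail -n 1)
    case "$last" in
        "-A $2 -j DROP"|"-A $2 -j DROP "*|"-A $2 -j REJECT"|"-A $2 -j REJECT "*) return 0 ;;
    esac
    return 1
}

# Usage on the sample; on a real host point the functions at
# /etc/sysconfig/iptables or at the output of iptables-save.
for chain in INPUT FORWARD OUTPUT; do
    if chain_is_closed "$SAMPLE_RULES" "$chain"; then verdict=closed; else verdict=OPEN; fi
    echo "$chain: policy $(chain_policy "$SAMPLE_RULES" "$chain"), $(rule_count "$SAMPLE_RULES" "$chain") rules, unmatched traffic $verdict"
done
```

On the sample, INPUT and FORWARD are closed only because of their trailing unconditional REJECT rule, while OUTPUT has an ACCEPT policy and no rules at all; the check flags the difference so an accidental deletion of the final REJECT is noticed before the ruleset is saved.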