About F19 Firewall

P J P pj.pandit at yahoo.co.in
Sun Sep 15 18:52:07 UTC 2013


I upgraded to F19 recently. And I happened to look at the output of iptables(8) today.

   $ iptables -nL

It's baffling! It's crazy 4 pages long listing!!

 are there so many chains? Most are empty. Those which have rules, jump 
from one chain to another and that jumps to yet another.

 DNS is allowed in the internal network(chain IN_internal_allow). I 
guess  IN_internal_allow  is meant for some closed group internal 
network, not sure.

    ACCEPT     udp  --            udp dpt:5353 ctstate NEW

Who uses it?

 I looked at the firewall configuration GUI tool. That's even more 
baffling. On the left hand side, it lists zones: home, internal, public,
 work etc. without any explanation whatsoever what each one is suppose 
to do. It also has a default zone which is 'public'. I guess that must 
be the running firewall configuration. So even if I'm at work or at 
home, I'm using firewall configuration that is meant for public network,
 am I? Besides, who is going to switch between these zones everyday from
 home to work to home again?

I think for individual users, which 
is majority of the users, this is a stupid firewall. It doesn't have to 
be so complicated that even if one tries to understand it, he/she can 
not. :(


More information about the devel mailing list