Hi there !

I am running FC5 and I build my own firewall rules with FWBuilder. The question is: Which is the _right_ way to replace the default iptables infrastructure (/etc/init.d/iptables, /etc/sysconfig/iptables, /etc/sysconfig/iptables-config) created by system-config-securitylevel by the fwbuilder's generated script ?
I mean, just disable firewall in system-config-securitylevel and put the fwbuilder script in place of /etc/init.d/iptables ? Simple like that ?

any ideas will be welcome,

/etc/init.d/iptables = initscript, no changes necessary
/etc/sysconfig/iptables = iptables rules
/etc/sysconfig/iptables-config = iptabes config, logging, saving, etc., no changes necessary

Quite easy actually. Inspect your fwbuilder script because I dont know if it contains module loading, sysctl mangling etc, etc lines: sysctl goes to /etc/sysctl.conf, module loading goes on the fly. "/etc/init.d/iptables stop" to make the firewall return to default "ACCEPT" state, then load the rules by running the fwbuilder script if it is a shell script. Now run "/sbin/iptables-save > /etc/sysconfig/iptables.fwb" and inspect if OK. Copy /etc/sysconfig/iptables to /etc/sysconfig/iptables.old and symlink /etc/sysconfig/iptables.fwb to /etc/sysconfig/iptables and "/etc/init.d/iptables restart" to see if all goes well. Of course you don't have to copy and symlink, but it's nice if you want to revert w/o having to look for a backup.

Yes ! It worked !

Thanks a lot and sorry the delay to give you a feedback. I was busy seting up a new server using fwbuilder and mixing it with your hints.

regards,