In my review of Fedora 18, I discussed my initial impressions of that newest release. Having now begun to install Fedora 18 on several more hosts in my constantly changing world, I have found some interesting under-the-cover changes.
A new firewall, firewalld, is now the default firewall for Fedora. Of course, Fedora is the proving ground for many new things, so, while this change was not particularly well documented, changes to Fedora in general should not be a surprise. The firewalld daemon is mentioned in three short paragraphs in the Fedora 18 release notes, which only reference the man pages for the new firewalld commands for further information, and once as being a new addition in the Technical Notes document. Both are available as PDF files from the Fedora Documentation Project.
The firewalld rules are quite complex compared to what I have been using with IPTables. This, and the fact that I am not yet familiar with the rule syntax or the overall structure of firewalld, mean that, for now at least, I need to revert to IPTables on my Fedora 18 hosts.
Reverting to IPTables
The good news is that the old IPTables firewall is still available until I can learn how to best create the firewall rules I need with firewalld. However, it, too, has changed, and some of the old IPTables rules, especially those using state-related rule sets, have been altered.
First, to convert back to IPTables, stop and disable the firewalld service and start and enable the iptables service. Of course you must do this safely with your network disabled until you can get your new (old) firewall back in place. Then use the iptables-restore command to restore your old IPTables rules from the saved copy. You did save a backup copy of your IPTables firewall rules, right?
At this point, IPTables gives some errors indicating that one should use new connection tracking rules in lieu of the state-related rules. The best part is that IPTables is smart enough to give you the warning message and then translate the rules into connection tracking rules. At that point you can simply use the iptables-save command to view the translated rules and redirect the output to /etc/sysconfig/iptables to save the translated rules.
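The revert sequence just described, as an added example shell script that is not part of the original post. It assumes the saved rules live at /root/iptables.backup (a hypothetical path) and that the revert function is run as root from the console with the network down; the count and translate helpers only preview the state-to-conntrack rewrite on a constructed sample ruleset and never touch the running firewall.

```shell
#!/bin/sh
# Added example, not from the original post: revert a Fedora 18 host from
# firewalld to the classic iptables service and preview the
# "-m state --state" -> "-m conntrack --ctstate" rewrite that iptables
# applies (with a warning) when the old rules are loaded.
# Assumption: the saved rules live at /root/iptables.backup (hypothetical path).

BACKUP=${BACKUP:-/root/iptables.backup}

# Constructed sample of an old-style saved ruleset, used for the offline preview.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT'

# How many rules still use the deprecated state match (reads stdin).
count_legacy_state_rules() {
    grep -c -- '-m state --state' || true
}

# Rewrite the deprecated state match into the conntrack form (reads stdin).
# This mirrors the substitution iptables makes on load; running it over a
# saved file shows what iptables-save will emit, without touching the kernel.
translate_state_rules() {
    sed -e 's/-m state --state /-m conntrack --ctstate /g'
}

# The revert itself. Run as root from the console with the network interface
# down, so the host is never exposed between the two firewalls.
revert_to_iptables() {
    [ -r "$BACKUP" ] || { echo "no readable backup at $BACKUP" >&2; return 1; }
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    # Loads the old rules; the state/conntrack warnings appear here.
    iptables-restore < "$BACKUP"
    # Persist the translated rules where iptables.service reads them at boot.
    iptables-save > /etc/sysconfig/iptables
    systemctl enable iptables.service
    systemctl start iptables.service
}

# Offline preview: report how many rules change, then show the rewritten set.
echo "legacy state rules in sample: $(printf '%s\n' "$SAMPLE_RULES" | count_legacy_state_rules)"
printf '%s\n' "$SAMPLE_RULES" | translate_state_rules
```

Run the preview first against your own backup (`translate_state_rules < /root/iptables.backup`) to see exactly which rules iptables will rewrite before you take the network down.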
So now I will take some time to learn this new firewall system while my IPTables firewall protects me.
Here is a link to the Fedora Project FirewallD documentation: http://fedoraproject.org/wiki/FirewallD