Two front-ends for iptables already exist in fedora core. /etc/hosts.allow is one of them and /etc/hosts.deny is the second front-end. Both need to be adjusted or script kitties will litter all over your hard drive and wn your system. /etc/hosts.allow and /etc/hosts.deny also need to be monitored for changes and you need to know if you made those changes or if you didn't. If you don't remember making those changes then someone or something else made those changes. in /etc/hosts.deny i put a line like All.: All That says allow nothing in unless found in /etc/hosts.allow. In /etc/hosts.allow I have a line like: 127.0.0.1 that line says allow only localhost access and enables both mysql and postgresql to start up error free. Without that line in /etc/hosts.allow both mysql and postgresql will error out. Now combine /etc/hosts.deny with /etc/hosts.allow in thought and what's open or should be open is only localhost to itself and no other ports. This does not necessarily guarantee script kitties won't litter all over your hard drive but should make it more difficult.
