Packet filtering allows your computer to drop or accept IP packets based on the following criteria:
Origin and Destination are qualified by:
The rules you are entering are bi-directional. In one screen, you qualify packets flowing from the origin to the destination and the reverse. This is why you are allowed to specify the interface twice.
You can control which packets are accepted by your computer. Input rules allow you to discard some packets at reception time.
You can control packets going through your computer. Masquerading rules are a special case of forwarding rules and are handled in the same user interface (a simple checkbox). Masquerading is generally used to hide computers on intranets while giving them almost full connectivity to the Internet: all connections to the Internet seem to come from the firewall itself.
You can control packets that are about to leave your computer. You can discard packets at delivery time. Most firewalls can be implemented using input rules.
You can permanently deactivate a rule or all rules without erasing them. This is handy for testing firewalling capabilities and for establishing "switchable" policies. Each rule has a checkbox for activation.
One screen is provided to activate/deactivate all blocking and forwarding rules at once.
Firewalling in Linux may be deadly. An improper configuration can bring the network to its knees. One command that may save your day is
netconf --resetfw
This command deactivates all firewalling rules. It does not affect the configuration -- it affects only the working set.
netconf --update
will reactivate the rules. You may need to use these two commands to check whether a network malfunction is caused by your firewalling rules.
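
The check described above can be scripted so the rules are always reactivated afterwards. This is an added example, not part of Linuxconf; the function name fw_diagnose, the NETCONF variable and the probe command you pass in are assumptions.

```shell
# Added example: decide whether the active firewall rules cause a failure.
# NETCONF defaults to the netconf command named on this page.
NETCONF=${NETCONF:-netconf}

# Usage: fw_diagnose <probe command...>
# The probe is any command that exits 0 when the network path works, e.g.
#   fw_diagnose ping -c 1 192.0.2.1   (192.0.2.1 is a constructed address)
# Prints one verdict on stdout: ok | firewall | other
fw_diagnose() {
    # 1. Probe with the rules active. If it works, nothing to diagnose.
    if "$@" >/dev/null 2>&1; then
        echo "ok"
        return 0
    fi

    # 2. If interrupted while the rules are off, turn them back on first.
    trap '$NETCONF --update >&2; exit 130' INT TERM

    # 3. Deactivate the working set only; the saved configuration is untouched.
    if ! $NETCONF --resetfw >&2; then
        trap - INT TERM
        echo "resetfw-failed"
        return 2
    fi

    # 4. Probe again while the host is unfiltered. Keep this window short.
    if "$@" >/dev/null 2>&1; then
        verdict="firewall"   # the failure disappears without the rules
    else
        verdict="other"      # still failing, so look elsewhere
    fi

    # 5. Reactivate the rules whatever the verdict was.
    if ! $NETCONF --update >&2; then
        trap - INT TERM
        echo "update-failed"
        return 2
    fi
    trap - INT TERM
    echo "$verdict"
}
```

Between the reset and the update the machine accepts and forwards everything, so run this from the console or a trusted network rather than leaving the rules off while you investigate.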