Firewalling in Linux is highly flexible and can be very complicated. Linuxconf proposes a simple logic that simplifies the composition of firewalling rules. While this logic helps create and maintain a basic firewall, some configurations cannot be created with Linuxconf. Here is the logic:
When you activate one of the three firewalling systems (input, forward, output), Linuxconf sets the default policy to deny. All rules you enter are, in effect, holes or openings in the firewall. If you enter no rules, your machine will be pretty isolated, answering to nothing.
Here is an example for a simple network. Typically, eth0 points to the local network. Nothing on this network must be reachable from the outside. eth1 points to a router on the Internet.
Protocol: icmp
-----------From---------------
Host or Network: 0.0.0.0
Netmask:
Port range:
Other ports:
Interface: eth1
-----------To-----------------
Host or Network: eth1
Netmask:
Port range:
Other ports:
Interface: Any
Ultimately only port
Protocol: udp
-----------From---------------
Host or Network: 0.0.0.0
Netmask: 0.0.0.0
Port range:
Other ports:
Interface: eth1
-----------To-----------------
Host or Network: eth1
Netmask:
Port range:
Other ports:
Interface: Any
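The default-deny logic and the two openings above can be checked with a small model. This is an added example, not Linuxconf code: it assumes that 0.0.0.0 means any source, that "eth1" entered as a host means that interface's own address (192.0.2.1 is a constructed placeholder), and the Rule, Packet and input_verdict names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

ETH1_ADDR = "192.0.2.1"  # constructed placeholder for eth1's own address

@dataclass
class Rule:
    protocol: str
    src_net: str   # "From" host and netmask, written as CIDR
    in_iface: str  # "From" interface
    dst_net: str   # "To" host and netmask, written as CIDR
    # "To" interface is Any on both rules on the page, so it is not modelled.

@dataclass
class Packet:
    protocol: str
    src: str
    dst: str
    in_iface: str

# The two openings from the page (assumptions: 0.0.0.0 = any source,
# host "eth1" = the address of that interface).
INPUT_RULES = [
    Rule("icmp", "0.0.0.0/0", "eth1", ETH1_ADDR + "/32"),
    Rule("udp", "0.0.0.0/0", "eth1", ETH1_ADDR + "/32"),
]

def matches(rule, pkt):
    """True when the packet fits every field of the opening."""
    return (rule.protocol == pkt.protocol
            and rule.in_iface in ("any", pkt.in_iface)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net))

def input_verdict(pkt, rules=INPUT_RULES):
    """Default policy is deny; a packet passes only through an explicit opening."""
    return "accept" if any(matches(r, pkt) for r in rules) else "deny"

# Constructed sample packets: (description, packet)
SAMPLES = [
    ("icmp from outside to eth1", Packet("icmp", "198.51.100.7", ETH1_ADDR, "eth1")),
    ("udp from outside to eth1", Packet("udp", "198.51.100.7", ETH1_ADDR, "eth1")),
    ("tcp from outside to eth1", Packet("tcp", "198.51.100.7", ETH1_ADDR, "eth1")),
    ("udp from outside to a LAN host", Packet("udp", "198.51.100.7", "10.0.0.5", "eth1")),
    ("icmp from the LAN via eth0", Packet("icmp", "10.0.0.5", ETH1_ADDR, "eth0")),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{label:32s} {input_verdict(pkt)}")
```

The last sample shows a consequence of the default policy: once the input firewall is active, traffic arriving from the local network on eth0 is denied as well until a rule opens it.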