IPTABLES Firewall beginner

 
 
Gianni Bragante
12-21-2003, 05:01 PM
Hi everybody!
I am just starting in the world of firewalling and am still a bit confused
after having read a lot of documentation (and still reading...)
Some basic and practical questions are still unanswered in my mind, also due
to my little experience with Linux (I have worked for many years with Microsoft
products, I am MCSE, MCP, MCSA but this is not useful at all now :-((((( )
I send my questions into cyberspace hoping that someone will give me some
advice:

1) I have chosen Fedora Core 1, is that a good choice?
2) Do I need to recompile the kernel to set up the appropriate modules? Could I
achieve the same good result loading modules with modprobe? If yes, how can
I do this? Where should I put the script containing modprobe to be executed
at system startup?
3) I have made some experiments in configuring iptables using the appropriate
plugin in Webmin. I have noticed that every time I change the rules and
apply them all connections are dropped. Why? Is this by design?
4) What is the best way to deploy IPTABLES on a medium scale (I think I will
have 60-100 rules) and maintain them on a regular basis? Is it better to use
rc.firewall or iptables-restore? And what about such tools as knetfilter,
guarddog, kmyfirewall, etc.? What tools do you use?
5) What is the best source of information where to find answers to my
questions in a straightforward way?

Thanks for getting me out of the fog
Gianni Bragante
Markku Kolkka
12-21-2003, 06:14 PM
Gianni Bragante wrote:
> 1) I have chosen Fedora Core 1, is that a good choice?


As good as any other. Iptables is a kernel feature and independent of
the distribution.

> 2) Do I need to recompile the kernel to setup appropriate modules?


No.

> Could I achieve the same good result loading modules with modprobe?


Normally modules are loaded automatically, you don't need to explicitly
modprobe them.

> 4) What is the best way to deploy IPTABLES on a medium scale
> (I think I will have 60-100 rules)


That sounds insanely large. Why would you need such a huge number of
rules?

> 5) What is the best source of information where to
> find answer to my question in a straightforward way?


http://www.iptables.org/documentation/index.html

--
Markku Kolkka
Gianni Bragante
12-21-2003, 07:52 PM
Markku, thank you for your answer

> > 2) Do I need to recompile the kernel to setup appropriate modules?

> No.
> > Could I achieve the same good result loading modules with modprobe?

> Normally modules are loaded automatically, you don't need to explicitly
> modprobe them.


I have based my question upon the fact that Knetfilter does not even start
if the appropriate modules are not modprobed correctly. The author gave me this
advice and then I was able to start that program. In what cases are modules
loaded automatically and when are they not?

> > 4) What is the best way to deploy IPTABLES on a medium scale
> > (I think I will have 60-100 rules)

> That sounds insanely large. Why would you need such a huge number of
> rules?

I have to protect 2 hosts providing some services each: one providing 5
services + 4 protocols outbound, so for both directions that means 5 x 2 + 4 x 2 =
18 rules. The other offers 8 services and has 12 protocols outbound, so 8 x 2
+ 12 x 2 = 40.

Gianni Bragante
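
The rule count worked out in the post above, as an added example that is not part of the original thread: a Python sketch that generates two stateless rules per flow for each host and writes them in iptables-restore format, so the rule set is maintained as a short table rather than by hand. The host addresses, port numbers, placement in the FORWARD chain of a gateway, and TCP-only scope are assumptions made for illustration.

```python
# Added example: addresses and ports are constructed placeholders, not from the thread.
HOSTS = {
    "192.0.2.10": {"services": [25, 80, 110, 143, 443],               # 5 services
                   "outbound": [25, 53, 80, 443]},                    # 4 protocols
    "192.0.2.20": {"services": [21, 22, 25, 80, 110, 143, 443, 993],  # 8 services
                   "outbound": [21, 22, 25, 43, 53, 80, 110, 119,
                                143, 443, 873, 993]},                 # 12 protocols
}


def flow_rules(host, port, inbound):
    """Return the two stateless rules (request, reply) for one TCP flow."""
    to_host, from_host = f"-d {host}", f"-s {host}"
    first, second = (to_host, from_host) if inbound else (from_host, to_host)
    return [
        f"-A FORWARD {first} -p tcp --dport {port} -j ACCEPT",
        # Reply direction: "! --syn" keeps this rule from admitting new connections.
        f"-A FORWARD {second} -p tcp ! --syn --sport {port} -j ACCEPT",
    ]


def host_rules(host, spec):
    """All rules for one host: 2 per offered service plus 2 per outbound protocol."""
    rules = []
    for port in spec["services"]:
        rules += flow_rules(host, port, inbound=True)
    for port in spec["outbound"]:
        rules += flow_rules(host, port, inbound=False)
    return rules


def ruleset(hosts):
    """Build one iptables-restore file with a default-deny FORWARD chain."""
    # Assumption: only FORWARD is in scope; INPUT and OUTPUT policies are left at ACCEPT.
    lines = ["*filter", ":INPUT ACCEPT [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]"]
    for host, spec in hosts.items():
        lines.append(f"# {host}")
        lines += host_rules(host, spec)
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(ruleset(HOSTS), end="")
```

The output can be saved to a file and loaded in one step with `iptables-restore < file`.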