The configuration file is /etc/sysconfig/iptables. Note that entries must be used in the right order.
To reload the firewall: service iptables restart.
Check the documentation:
Alternatively install the configuration tool:
# yum install system-config-firewall
As Dude mentioned, config is in /etc/sysconfig/iptables - which you can manually maintain by
- interactively making your rule changes
- using iptables-save output to overwrite config with
As an alternative - you can replace your /etc/init.d/iptables service with a custom rolled script. I use this option on a special server that serves as a NAT firewall/proxy/loadbalancer between two networks. I needed some additional stuff set outside iptables, and wanted a single service script to provide that as an integrated service. Thus a custom script (and no support for the sysconfig default file).
Just make sure the rules are sane when updating iptables' sysconfig - and that you do not nuke your ssh access to the server.
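The rule-ordering and SSH-lockout warnings in the answers above, as an added example that is not part of the original thread: a shell pre-flight check run on a candidate rules file before it replaces /etc/sysconfig/iptables. It assumes sshd listens on port 22; the function names and both sample rule sets are constructed for illustration.

```shell
# Added example (not from the thread). Assumes sshd on the default port 22.
# ssh_survives [FILE]: reads iptables-save format (file or stdin), walks the filter
# table's INPUT chain in order; exit 0 if a tcp/22 ACCEPT (or an unconditional
# ACCEPT) is reached before the first unconditional DROP/REJECT.
# Limitation: source restrictions, multiport and user-defined chains are not evaluated.
ssh_survives() {
    awk '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter || verdict != "" { next }
        $1 == ":INPUT" { policy = $2; next }      # chain policy applies if no rule decides
        $1 == "-A" && $2 == "INPUT" {
            target = ""; cond = 0; tcp = 0; p22 = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++; continue }
                if ($i == "--reject-with") { i++; continue }  # REJECT option, not a match
                cond = 1                                      # any other token is a match condition
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == "22") p22 = 1
            }
            if (target == "ACCEPT" && (!cond || (tcp && p22))) verdict = "ok"
            else if ((target == "DROP" || target == "REJECT") && !cond) verdict = "cut"
        }
        END { if (verdict == "") verdict = (policy == "ACCEPT") ? "ok" : "cut"; exit (verdict != "ok") }
    ' "$@"
}
# Constructed sample: SSH accepted before the catch-all REJECT.
sample_good() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed sample: same rules, wrong order; the REJECT shadows the SSH rule.
sample_bad() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
# install_rules FILE (run as root): parse-only syntax test, order check, then install.
install_rules() {
    iptables-restore --test < "$1" || return 1
    ssh_survives "$1" || { echo "refusing: new SSH connections would be cut off" >&2; return 1; }
    cp "$1" /etc/sysconfig/iptables && service iptables restart
}
```

The check only covers new SSH connections in the INPUT chain; keep an existing session open while restarting the service so a mistake can still be reverted.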