FireWall can either refer to a machine used to filter (usually IP) packets or the software used on that machine to provide packet filtering.
If you need a decent iptables firewall for your Linux box, you probably want to give PerrysFirewallingScript a try.
There are distributions that exist only to provide firewalling; PerryLorier is working on a Firewall-on-a-disc system. Technically speaking, you can shut a Linux machine down into kernel-only mode and still be running a firewall.
To create a rule that will send back an ICMP message, use
iptables -A chain [...] --jump REJECT --reject-with icmp-port-unreachable
The type given can be icmp-net-unreachable, icmp-host-unreachable, icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited or icmp-host-prohibited, which return the appropriate ICMP error message (port-unreachable is the default).
iptables -D chain [rule number]
iptables -D chain [rule description]
Hint: if you want to delete a rule and you don't want to have to mess around with specifying ports etc, try
iptables -L --line-numbers
Then you can just use iptables -D FORWARD 1 to remove it.
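Building on the hint above, here is an added example (not part of the original page) that turns a --line-numbers listing into delete-by-number commands. Rules are renumbered after every deletion, so the commands come out highest number first. The helper names delete_cmds and sample_listing are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/sh
# Added example: map an `iptables -L CHAIN -n --line-numbers` listing to
# `iptables -D CHAIN N` commands for every rule containing a fixed string.
# Deleting rule 2 turns the old rule 4 into rule 3, so numbers taken from
# one listing are only safe to use in descending order.

# Constructed sample listing (not captured from a real host).
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    REJECT     tcp  --  0.0.0.0/0            192.0.2.10           tcp dpt:4661 reject-with icmp-port-unreachable
3    ACCEPT     tcp  --  0.0.0.0/0            192.0.2.10           tcp dpt:80
4    REJECT     udp  --  0.0.0.0/0            192.0.2.10           udp dpt:4661 reject-with icmp-port-unreachable
EOF
}

# delete_cmds CHAIN PATTERN  (hypothetical helper; reads the listing on stdin)
# Prints one delete command per matching rule, highest rule number first.
delete_cmds() {
    chain=$1
    pattern=$2
    # Only lines that start with a rule number are rules; index() does a
    # literal substring match, so the pattern is not treated as a regex.
    awk -v pat="$pattern" '$1 ~ /^[0-9]+$/ && index($0, pat) { print $1 }' |
        sort -rn |
        while read -r num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

# Dry run against the sample. On a live box, feed it
#   iptables -L FORWARD -n --line-numbers
# and review the printed commands before running them as root.
sample_listing | delete_cmds FORWARD 'dpt:4661'
```

The function only prints commands, so nothing is changed until the output is reviewed and executed.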
This removes all rules from the specified table and chain, or all the chains in the table if none is specified.
Hint: It won't delete any user-defined chains, although it will remove the rules within them, nor will it set the default policy for the table. This, though, should:
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
(Substitute ppp0/tcp/10.69.etc/4661 with whatever you need)
You might want to read HowToIPCHAINSHOWTO, HowToBridgeFirewall, HowToBridgeFirewallDSL, HowToFirewallHOWTO, HowToFirewallPiercing, HowToSentryFirewallCDHOWTO or HowToTermFirewall. (They're all really, REALLY old.)
Can't access the NZ Herald? (http://www.nzherald.co.nz)
Make sure you have ECN disabled (echo 0 > /proc/sys/net/ipv4/tcp_ecn) and don't have any TOS (Type of Service) settings in your firewall script (iptables -t mangle -F PREROUTING might clean up any you have; don't try this without knowing what you are doing).
Alternatively, you can go with the "Don't fix good science to work with a bad implementation" approach, or manually add rules allowing access to the NZ Herald IPs.