/etc/sysconfig/firewall.local is a shell script file for custom configurations that cannot be configured with the firewall GUI. The firewall.local file is a simple shell script and only can be edited with a text editor. It is executed with root permissions every time when the firewall is loaded.
This is usually used for adding additional iptables rules. Those should be added in the "start" section and be removed correspondingly in the "stop" section.
Despite adding firewall rules, you may also start and stop system services or do anything else that can be done from a Linux shell.
Instead of altering the default iptables chains (which can be very dangerous when the firewall ruleset does not work as intended), there are extra chains that MUST be used for this. Packets pass these chains BEFORE they go through the rest of the ruleset.
Use CUSTOMINPUT, CUSTOMFORWARD and CUSTOMOUTPUT for the filter table and CUSTOMPREROUTING, CUSTOMPOSTROUTING and CUSTOMOUTPUT for the nat table.