Bug 105827
| Summary: | RFE: Current firewall configuration GUI lacks functionality | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bruce A. Locke <blocke> |
| Component: | redhat-config-securitylevel | Assignee: | Paul Nasrat <nobody+pnasrat> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | rawhide | CC: | bfox, dlr, jfm512, jonathansavage, mitr, okapi, smearp |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | 1.5.8.1-1 | Doc Type: | Enhancement |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2005-11-29 16:00:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Bruce A. Locke
2003-09-28 05:58:46 UTC
Firestarter or similar might represent a step in the right direction.

From Firestarter's page: "Firestarter is now included in the Fedora project." I don't see this listed in the RPMs on the FTP sites. Any ideas?

To clarify, the FTP site being the FTP of Fedora, that is.

I would just like to add a "me too" to this RFE. It could be fixed by changing over to a graphical firewall config tool, or by adding back the "other ports" option that used to be in this tool.

My sentence above was incomplete: "It could be fixed by changing over to a graphical firewall config tool" was supposed to be "It could be fixed by changing over to a graphical firewall config tool like firestarter". Sorry...

I wonder if an IPTables firewall solution would be appropriate? A firewall script based on iptables would have many enhancements (opened ports, blocked ports, blocked hosts, routing etc...), and would provide a pretty good solution. The interface adjusted for configuring this firewall script. On the other hand iptables support is needed.

One functionality that is sorely missing is support for masquerading (not really related to security but it is basically the same tool). Also while now Redhat and Fedora use iptables, AFAIK, they don't take advantage of them for stateful firewalling. It is a real pity.

It looks good to have a look at Shorewall (www.shorewall.net), which is not a GUI but a UI. It comes with a great set of easy to manage config files. The development is very active and the setup is easy and almost all functionality has been implemented.

Firestarter should be an excellent tool to use as is or to tweak to make it fit Fedora's inclusion requirements, especially since the 1.0 version will have improved HIG compliance. Is there a reason (from developers) why firestarter is and was not the default firewall config tool?

This is related to bug 128046 (likely a superset of that issue).

Created attachment 106193
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

The ability to punch arbitrary ports through the firewall appears to exist in later versions of the Fedora incarnation of this tool, though it's unclear to me from the GUI whether port ranges are also allowed.

If port ranges are allowed, an example could be provided in the GUI a la the "1029:tcp" example for "Other ports".

Should this item be closed now that the GUI and capabilities have improved in FC4?