Bug 72636

Summary: Lokkit doesn't block anything under high security
Product: [Retired] Red Hat Public Beta Reporter: Fred New <fred.new2911>
Component: gnome-lokkit Assignee: Bill Nottingham <notting>
Status: CLOSED NOTABUG QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: null CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2002-08-26 08:01:16 UTC Type: ---

Description Fred New 2002-08-26 08:01:10 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020809

Description of problem:
I ran lokkit from an SSH session, requesting high security and an open SSH port.
Listing iptables afterwards showed that all ports were open with all protocols.

Version-Release number of selected component (if applicable):
lokkit-0.50-17

How reproducible:
Always

Steps to Reproduce:
1. From a virtual terminal, enter "lokkit".
2. Select "high" and "customize"
3. Select SSH.
4. Select OK
5. Select OK
6. iptables --list

Actual Results:  The first few lines for the RH-Lokkit-0-50-INPUT table show the
following:

target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Expected Results:  Instead of

ACCEPT     all  --  anywhere             anywhere

I expect to see something like the following to permit X to run:

ACCEPT     tcp  --  localhost.localdomain  localhost.localdomain
ACCEPT     udp  --  localhost.localdomain  localhost.localdomain

Additional info:

Comment 1 Bill Nottingham 2002-08-28 01:28:29 UTC
That 'anywhere' line is for traffic over the loopback interface.
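
Added example (not part of the bug report and not lokkit code): plain `iptables --list` omits the interface columns, so a rule limited to `lo` prints exactly like an unrestricted one. The sketch below parses a constructed `iptables --list -v` listing and separates the two cases; the counters, the third rule and all function names are assumptions made for illustration.

```python
# Constructed sample of `iptables --list -v` output, not captured from a real host.
# The chain name and the first two rules follow the report; counters and the
# third rule are invented to show what an unrestricted ACCEPT would look like.
SAMPLE = """\
Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     tcp  --  any    any     anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
  340 27200 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere
"""

ANY_IFACE = {"any", "*"}                # "*" is what -n prints
ANY_ADDR = {"anywhere", "0.0.0.0/0"}    # "0.0.0.0/0" is what -n prints


def parse_rules(listing):
    """Yield one dict per rule line of a verbose (-v) iptables listing."""
    chain = None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
        elif fields[0] != "pkts" and len(fields) >= 9:
            yield {"chain": chain, "target": fields[2], "prot": fields[3],
                   "in": fields[5], "source": fields[7], "destination": fields[8],
                   "match": " ".join(fields[9:])}


def is_wide_open(rule):
    """True only for an ACCEPT with no protocol, interface, address or match limit."""
    return (rule["target"] == "ACCEPT" and rule["prot"] == "all"
            and rule["in"] in ANY_IFACE and rule["source"] in ANY_ADDR
            and rule["destination"] in ANY_ADDR and not rule["match"])


def audit(listing):
    """Return (wide_open, interface_scoped) ACCEPT rules."""
    rules = [r for r in parse_rules(listing) if r["target"] == "ACCEPT"]
    return ([r for r in rules if is_wide_open(r)],
            [r for r in rules if r["in"] not in ANY_IFACE])


if __name__ == "__main__":
    wide_open, scoped = audit(SAMPLE)
    for r in scoped:
        print(f"{r['chain']}: ACCEPT limited to interface {r['in']}")
    for r in wide_open:
        print(f"{r['chain']}: ACCEPT with no restriction at all")
```

On a live system the listing would come from `iptables --list -v` run as root; the parser assumes every rule has a target, so rules without one need separate handling.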