Bug 88136

Summary: redhat-config-security level interface is confusing
Product: [Retired] Red Hat Linux
Component: redhat-config-securitylevel
Version: 9
Hardware: All
OS: Linux
Reporter: Darren Brierton <darren>
Assignee: Brent Fox <bfox>
Status: CLOSED NOTABUG
Severity: low
Priority: medium
Doc Type: Bug Fix
Last Closed: 2003-05-20 19:24:28 UTC

Description Darren Brierton 2003-04-06 15:45:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
If, like me, one does not understand very much about firewalls, the UI of
redhat-config-securitylevel is a little confusing: if you select "Customize"
instead of "Use default firewall rules", which takes precedence - "Trusted
devices" or "Allow incoming"?

Take this scenario: I don't want any connections from outside at all, but I run
VMware and want VMs to be able to access Apache on the host without allowing
HTTP requests from outside my machine to be allowed. If eth0 is not selected as
a trusted device but HTTP is selected for allow incoming, and an HTTP request
comes from eth0, which wins out? Similarly, if vmnet0 is selected as a trusted
device but HTTP is not selected for allow incoming, and an HTTP request comes
from vmnet0, what happens?

Version-Release number of selected component (if applicable):
1.1.1-3

How reproducible:
Always

Steps to Reproduce:
1. Start redhat-config-securitylevel
2. Select Customize
3. Become confused
    

Actual Results:  Nagging worry that I have opened a giant security hole in my
machine

Expected Results:  Warm fuzzy feeling and sense of well-being that my firewall
is configured correctly

Additional info:

Comment 1 Need Real Name 2003-04-10 17:58:59 UTC
88388 is closed, but says a similar thing.

Comment 2 Brent Fox 2003-05-20 19:24:28 UTC
In general, the "Customize" part of any user interface assumes that the user
knows enough to make manual changes to override the default settings.  

I think that the documentation for this tool adequately explains the choices
that the "Customize" mode presents.
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-basic-firewall.html#S1-BASIC-FIREWALL-SECURITYLEVEL

I agree that the user interface layout could be improved.  However, there's only
so much that the interface can do to explain a concept as complicated as
firewalls to a user who is not familiar with them.