Red Hat Bugzilla – Bug 105827
RFE: Current firewall configuration GUI lacks functionality
Last modified: 2007-11-30 17:10:31 EST
End users will need the ability to allow arbitrary ports and port ranges through
The GUI in anaconda seems to have this functionality but the
"redhat-config-securitylevel" tool does not. The "redhat-config-securitylevel"
tool and the anaconda tool are functionally different and this is very confusing.
Firestarter or similar might represent a step in the right direction.
From firestart's page:
"Firestarter is now included in the Fedora project." I don't see this listed in
the RPMs on the FTP sites. Any ideas?
To clarigy, the FTP site being the FTP of Fedora that is.
I would just like to add a "me too" to this RFE. It could be fixed by changing
over to a graphical firewall config tool, or by adding back the "other ports"
option that used to be in this tool.
My sentence above was incomplete:
It could be fixed by changing over to a graphical firewall config tool
was supposed to be
It could be fixed by changing over to a graphical firewall config tool like
I wonder if an IPTables firewall solution would be appropriate?
A firewall script based on iptables, would have many enhancemants
(opend ports, blocked ports, blocked hosts, routing etc...), and
would provide a pretty good solution. The interface adjusted for
configuring this firewall script.
On the other hand iptables support is needed.
One functionalitry who is sorely missing is support for masquerading
(not really related to security but it is basically the same tool).
Also while now Redhat and Fedora use iptables, AFAIK, they don't take
advantage of them for stateful firewalling. It is a real pity.
It looks good to have a look at Shorewall (www.shorewall.net), which
is not a GUI but a UI. It comes with a great set easy to manage config
files. The development is very active and the setup is easy and almost
all functionality has been implemented.
Firestarter should be an excellent tool to use as is or to tweak to
make it fit fedora's inculsion requirements especially since the 1.0
version will have improved HIG compliamce. I there a reason (from
developers) why firestarter is and was not the default firewall config
This is related to bug 128046 (likely a superset of that issue).
Created attachment 106193 [details]
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora
The ability to punch arbitrary ports through the firewall appears to exist in
later versions of the Fedora incarnation of this tool, though it's unclear to
me from the GUI whether port ranges are also allowed.
If port ranges are allowed, an example could provided in the GUI a la the
"1029:tcp" example for "Other ports".
Should this item be closed now that the GUI and capabilities have improved in FC4?