Bug 105827 - RFE: Current firewall configuration GUI lacks functionality
Product: Fedora
Classification: Fedora
Component: redhat-config-securitylevel
All Linux
medium Severity medium
Assigned To: Paul Nasrat
: FutureFeature
Reported: 2003-09-28 01:58 EDT by Bruce A. Locke
Modified: 2007-11-30 17:10 EST

Doc Type: Enhancement
Last Closed: 2005-11-29 11:00:32 EST

Attachments
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora (22.39 KB, image/png)
2004-11-04 16:59 EST, Daniel L. Rall
Description Bruce A. Locke 2003-09-28 01:58:46 EDT
End users will need the ability to allow arbitrary ports and port ranges through
the firewall.

The GUI in anaconda seems to have this functionality but the
"redhat-config-securitylevel" tool does not.  The "redhat-config-securitylevel"
tool and the anaconda tool are functionally different and this is very confusing.
Comment 1 Jon Savage 2003-10-03 17:26:52 EDT
Firestarter or similar might represent a step in the right direction.
Comment 2 Steve Wardell 2003-10-14 16:23:27 EDT
From Firestarter's page:

"Firestarter is now included in the Fedora project." I don't see this listed in
the RPMs on the FTP sites. Any ideas?
Comment 3 Steve Wardell 2003-10-14 16:24:08 EDT
To clarify, the FTP site being the FTP of Fedora that is.
Comment 4 Sean Earp 2003-10-27 15:19:32 EST
I would just like to add a "me too" to this RFE.  It could be fixed by changing
over to a graphical firewall config tool, or by adding back the "other ports"
option that used to be in this tool.
Comment 5 Sean Earp 2003-10-27 15:20:45 EST
My sentence above was incomplete:

It could be fixed by changing over to a graphical firewall config tool

was supposed to be

It could be fixed by changing over to a graphical firewall config tool like

Comment 6 Johnny Cage 2003-11-03 07:05:13 EST
I wonder if an IPTables firewall solution would be appropriate?
A firewall script based on iptables would have many enhancements
(opened ports, blocked ports, blocked hosts, routing etc...), and
would provide a pretty good solution. The interface adjusted for
configuring this firewall script.
On the other hand iptables support is needed.
Comment 7 Jean Francois Martinez 2003-11-10 16:00:51 EST
One functionality that is sorely missing is support for masquerading
(not really related to security but it is basically the same tool).

Also while now Redhat and Fedora use iptables, AFAIK, they don't take
advantage of them for stateful firewalling.   It is a real pity.
Comment 8 Mathijs Tieleman 2004-08-09 16:08:46 EDT
It looks good to have a look at Shorewall (www.shorewall.net), which
is not a GUI but a UI. It comes with a great set of easy-to-manage config
files. The development is very active and the setup is easy and almost
all functionality has been implemented.

Comment 9 superbnerd 2004-10-13 05:31:53 EDT
Firestarter should be an excellent tool to use as is or to tweak to
make it fit Fedora's inclusion requirements especially since the 1.0
version will have improved HIG compliance. Is there a reason (from
developers) why firestarter is and was not the default firewall config
Comment 10 Daniel L. Rall 2004-11-04 16:45:33 EST
This is related to bug 128046 (likely a superset of that issue).
Comment 11 Daniel L. Rall 2004-11-04 16:59:58 EST
Created attachment 106193 [details]
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

The ability to punch arbitrary ports through the firewall appears to exist in
later versions of the Fedora incarnation of this tool, though it's unclear to
me from the GUI whether port ranges are also allowed.

If port ranges are allowed, an example could be provided in the GUI a la the
"1029:tcp" example for "Other ports".
Comment 12 Steve Wardell 2005-09-02 17:52:50 EDT
Should this item be closed now that the GUI and capabilities have improved in FC4?
