Bug 105827 - RFE: Current firewall configuration GUI lacks functionality
Summary: RFE: Current firewall configuration GUI lacks functionality
Alias: None
Product: Fedora
Classification: Fedora
Component: redhat-config-securitylevel (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2003-09-28 05:58 UTC by Bruce A. Locke
Modified: 2007-11-30 22:10 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-29 16:00:32 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora (22.39 KB, image/png)
2004-11-04 21:59 UTC, Daniel L. Rall
no flags Details

Description Bruce A. Locke 2003-09-28 05:58:46 UTC
End users will need the ability to allow arbitrary ports and port ranges through
the firewall.

The GUI in anaconda seems to have this functionality but the
"redhat-config-securitylevel" tool does not.  The "redhat-config-securitylevel"
tool and the anaconda tool are functionally different and this is very confusing.

Comment 1 Jon Savage 2003-10-03 21:26:52 UTC
Firestarter or similar might represent a step in the right direction.

Comment 2 Steve Wardell 2003-10-14 20:23:27 UTC
From firestart's page:

"Firestarter is now included in the Fedora project." I don't see this listed in
the RPMs on the FTP sites. Any ideas?

Comment 3 Steve Wardell 2003-10-14 20:24:08 UTC
To clarigy, the FTP site being the FTP of Fedora that is.

Comment 4 Sean Earp 2003-10-27 20:19:32 UTC
I would just like to add a "me too" to this RFE.  It could be fixed by changing
over to a graphical firewall config tool, or by adding back the "other ports"
option that used to be in this tool.

Comment 5 Sean Earp 2003-10-27 20:20:45 UTC
My sentence above was incomplete:

It could be fixed by changing over to a graphical firewall config tool

was supposed to be

It could be fixed by changing over to a graphical firewall config tool like


Comment 6 Johnny Cage 2003-11-03 12:05:13 UTC
I wonder if an IPTables firewall solution would be appropriate?
A firewall script based on iptables, would have many enhancemants
(opend ports, blocked ports, blocked hosts, routing etc...), and 
would provide a pretty good solution. The interface adjusted for 
configuring this firewall script.
On the other hand iptables support is needed.

Comment 7 Jean Francois Martinez 2003-11-10 21:00:51 UTC
One functionalitry who is sorely missing is support for masquerading
(not really related to security but it is basically the same tool).

Also while now Redhat and Fedora use iptables, AFAIK, they don't take
advantage of them for stateful firewalling.   It is a real pity.

Comment 8 Mathijs Tieleman 2004-08-09 20:08:46 UTC
It looks good to have a look at Shorewall (www.shorewall.net), which
is not a GUI but a UI. It comes with a great set easy to manage config
files. The development is very active and the setup is easy and almost
all functionality has been implemented.

Comment 9 superbnerd 2004-10-13 09:31:53 UTC
Firestarter should be an excellent tool to use as is or to tweak to
make it fit fedora's inculsion requirements especially since the 1.0
version will have improved HIG compliamce. I there a reason (from
developers) why firestarter is and was not the default firewall config

Comment 10 Daniel L. Rall 2004-11-04 21:45:33 UTC
This is related to bug 128046 (likely a superset of that issue).

Comment 11 Daniel L. Rall 2004-11-04 21:59:58 UTC
Created attachment 106193 [details]
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

The ability to punch arbitrary ports through the firewall appears to exist in
later versions of the Fedora incarnation of this tool, though it's unclear to
me from the GUI whether port ranges are also allowed.

If port ranges are allowed, an example could provided in the GUI a la the
"1029:tcp" example for "Other ports".

Comment 12 Steve Wardell 2005-09-02 21:52:50 UTC
Should this item be closed now that the GUI and capabilities have improved in FC4?

Note You need to log in before you can comment on or make changes to this bug.