End users will need the ability to allow arbitrary ports and port ranges through the firewall. The GUI in anaconda seems to have this functionality but the "redhat-config-securitylevel" tool does not. The "redhat-config-securitylevel" tool and the anaconda tool are functionally different and this is very confusing.
Firestarter or similar might represent a step in the right direction.
From Firestarter's page: "Firestarter is now included in the Fedora project." I don't see this listed in the RPMs on the FTP sites. Any ideas?
To clarify, the FTP site being the FTP of Fedora that is.
I would just like to add a "me too" to this RFE. It could be fixed by changing over to a graphical firewall config tool, or by adding back the "other ports" option that used to be in this tool.
My sentence above was incomplete: "It could be fixed by changing over to a graphical firewall config tool" was supposed to be "It could be fixed by changing over to a graphical firewall config tool like firestarter." Sorry...
I wonder if an IPTables firewall solution would be appropriate? A firewall script based on iptables would have many enhancements (opened ports, blocked ports, blocked hosts, routing etc...), and would provide a pretty good solution. The interface adjusted for configuring this firewall script. On the other hand iptables support is needed.
One functionality that is sorely missing is support for masquerading (not really related to security but it is basically the same tool). Also while now Redhat and Fedora use iptables, AFAIK, they don't take advantage of them for stateful firewalling. It is a real pity.
It looks good to have a look at Shorewall (www.shorewall.net), which is not a GUI but a UI. It comes with a great set of easy-to-manage config files. The development is very active and the setup is easy and almost all functionality has been implemented.
Firestarter should be an excellent tool to use as is or to tweak to make it fit Fedora's inclusion requirements, especially since the 1.0 version will have improved HIG compliance. Is there a reason (from developers) why Firestarter is and was not the default firewall config tool?
This is related to bug 128046 (likely a superset of that issue).
Created attachment 106193: Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora
The ability to punch arbitrary ports through the firewall appears to exist in later versions of the Fedora incarnation of this tool, though it's unclear to me from the GUI whether port ranges are also allowed. If port ranges are allowed, an example could be provided in the GUI a la the "1029:tcp" example for "Other ports".
Should this item be closed now that the GUI and capabilities have improved in FC4?