Bug 124161 - RFE: Addition of trusted services
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Chris Lumens
Keywords: FutureFeature
Duplicates: 136800 137259
Blocks: 177950
Reported: 2004-05-24 11:51 EDT by mark
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Enhancement
Last Closed: 2006-10-03 10:44:37 EDT
Description mark 2004-05-24 11:51:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040514

Description of problem:
  i think the ability to add additional services to the "trusted
services" box (without modifying the source code) in
system-config-securitylevel would be very useful.

my reasons:

1. i realize i could simply add the port number to "other ports:" but
i have several obscure ports open on my box and i like the protocol
listed next to the port number as it is in the trusted services box
(to quickly remind me what each of them is).

2. when disabling the firewall this would avoid erasing the "other
ports" i had typed in (requiring me to retype them in when the
firewall was re-enabled).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.not applicable

Additional info:
Comment 1 Bryan W Clark 2004-09-14 13:39:22 EDT
Paul, I'd like if you ping me when you start to work on this.  Thanks.
Comment 2 Paul Nasrat 2004-10-27 10:41:18 EDT
*** Bug 137259 has been marked as a duplicate of this bug. ***
Comment 3 Paul Nasrat 2004-11-15 09:33:44 EST
*** Bug 136800 has been marked as a duplicate of this bug. ***
Comment 4 Daniel L. Rall 2004-11-23 12:54:13 EST
Paul closed bug 138143 with the comment that the fix for this bug will
provide the ability to configure ALL ASPECTS of an iptables-based

Even then, it won't provide what was requested in bug 138143 -- the
ability to work with other iptables tools which modify the
configuration file, and the ability to make hand edits, both without
risking blind overwrite of the configuration file by
Comment 5 Daniel L. Rall 2004-11-23 13:03:59 EST
The end of that last comment should read "system-config-securitylevel"
rather than "system-config-firewall".  And bug 138143 was closed as
Comment 6 Paul Nasrat 2004-11-23 16:25:58 EST
Daniel - feel free to reopen bug # 138143 as an RFE then
Comment 7 Jungshik Shin 2005-07-10 08:56:01 EDT
If turning system-config-securitylevel into a full-fledged ipchains configuration
tool is not feasible in the near future, at least samba needs to be added to the
list of services. To enable samba service with the firewall turned on, multiple
lines need to be added to the iptables file, but system-config-samba doesn't add
them automatically and there's no simple way to do that with

Comment 8 Jungshik Shin 2005-07-10 09:56:25 EDT
I'm not sure how much this will help, but I thought a good first step in
resolving this bug would be to collect a set of rules for a number of services.
In the early 2000s (when ipchains were used), I used 'fwup' (http://www.fwup.org)
with a great number of preconfigured services. It's never been updated to
iptables, but still its list of services and ports to open should be of some use
Comment 9 Chris Lumens 2006-10-03 10:44:37 EDT
It's true that system-config-securitylevel is supposed to be more simple than a
full-fledged firewall config tool.  However I have made a variety of
improvements that should take care of this issue.  First, the firewall can be
disabled without forgetting the config, which takes care of that concern. 
Second, you can enter the port by descriptive name now and see the names when
you reload the config.  Finally, samba is now supported as a checkbox to take
care of Jungshik's concern.
