Red Hat Bugzilla – Bug 124161
RFE: Addition of trusted services
Last modified: 2007-11-30 17:10:43 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040514
Description of problem:
i think the ability to add additional services to the "trusted
services" box (without modifying the source code) in
system-config-securitylevel would be very useful.
1. i realize i could simply add the port number to "other ports:" but
i have several obscure ports open on my box and i like the protocol
listed next to the port number as it is in the trusted services box
(to quickly remind me what each of them is).
2. when disabling the firewall this would avoid erasing the "other
ports" i had typed in (requiring me to retype them in when the
firewall was re-enabled).
Paul, I'd like if you ping me when you start to work on this. Thanks.
*** Bug 137259 has been marked as a duplicate of this bug. ***
*** Bug 136800 has been marked as a duplicate of this bug. ***
Paul closed bug 138143 with the comment that the fix for this bug will
provide the ability to configure ALL ASPECTS of an iptables-based
Even then, it won't provide what was requested in bug 138143 -- the
ability to work with other iptables tools which modify the
configuration file, and the ability to make hand edits, both without
risking blind overwrite of the configuration file by
The end of that last comment should read "system-config-securitylevel"
rather than "system-config-firewall". And bug 138143 was closed as
Daniel - feel free to reopen bug # 138143 as an RFE then
If turning system-config-securitylevel into a full-fledged ipchains configuration
tool is not feasible in the near future, at least samba needs to be added to the
list of services. To enable samba service with the firewall turned on, multiple
lines need to be added to iptables file, but system-config-samba doesn't add
them automatically and there's no simple way to do that with
I'm not sure how much this will help, but I thought a good first step in
resolving this bug would be to collect a set of rules for a number of services.
In the early 2000s (when ipchains was used), I used 'fwup' (http://www.fwup.org)
with a great number of preconfigured services. It's never been updated to
iptables, but still its list of services and ports to open should be of some use
It's true that system-config-securitylevel is supposed to be more simple than a
full-fledged firewall config tool. However I have made a variety of
improvements that should take care of this issue. First, the firewall can be
disabled without forgetting the config, which takes care of that concern.
Second, you can enter the port by descriptive name now and see the names when
you reload the config. Finally, samba is now supported as a checkbox to take
care of Jungshik's concern.