From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050302 Firefox/1.0.1 Fedora/1.0.1-1.3.2

Description of problem:
IMHO we would really help users if we had a LOG target just before our DROP. At the moment, using s-c-securitylevel will not tell the user why something fails.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. configure a firewall with s-c-securitylevel
2. enable it
3. try to access via a method that is not allowed by the just configured iptables

Actual Results: user has no clue why it fails

Expected Results: there should be entries in /var/log/messages (or even better in a separate log file, do not forget to add said logfile to logrotate if added)

Additional info:
to avoid spamming of the logs we should set a limit, say 10/minute, optimally the user would get a drop down list where she/he can select one of
1/minute
5/minute
10/minute
60/minute
unlimited
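The rule ordering requested in the report above, as an added example that is not part of the original report or of s-c-securitylevel: a shell function that emits iptables-restore lines with a rate-limited LOG rule directly before the final DROP, for each rate in the proposed drop-down. The chain name `INPUT`, the log prefix `FW-DROP: `, the burst value and the function name `log_drop_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): build the tail of a filter-table
# chain so that every packet about to be dropped is logged first.
# Assumed names: chain INPUT, prefix "FW-DROP: ", function log_drop_rules.
# Usage: log_drop_rules 10/minute

log_drop_rules() {
    rate=$1
    case "$rate" in
        unlimited)
            # No limit match: every dropped packet is logged. This can flood
            # the log under a scan, which is why the report suggests a limit.
            match="" ;;
        1/minute|5/minute|10/minute|60/minute)
            # limit match: average rate plus an initial burst allowance.
            match="-m limit --limit $rate --limit-burst 5 " ;;
        *)
            # Reject anything outside the drop-down values instead of
            # passing unvalidated text into a firewall rule.
            echo "unsupported rate: $rate" >&2
            return 1 ;;
    esac

    # LOG is a non-terminating target: the packet continues to the next rule.
    # DROP is terminating, so LOG has to come first or it never matches.
    printf '%s\n' "-A INPUT ${match}-j LOG --log-prefix \"FW-DROP: \" --log-level info"
    printf '%s\n' "-A INPUT -j DROP"
}
```

The LOG target writes through the kernel log, so where the entries end up (/var/log/messages or a separate file) is decided by the syslog configuration, not by the rule itself.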
There will be a new firewall configuration tool for Fedora soon. This feature is on the todo list.
Assigning to system-config-firewall.
Ah yes, soon. I suppose this may be in place now for Fedora, but it would be nice for RHEL6 too. I suppose bug 494832 might be about that, but that is private.
Closing because there will not be big changes to system-config-firewall anymore.