Bug 164187 – Unable to configure port range in Other Ports

Bug 164187 - Unable to configure port range in Other Ports

Summary:	Unable to configure port range in Other Ports

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	system-config-securitylevel (Show other bugs)
Sub Component:
Version:	4
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Chris Lumens
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-07-25 16:10 EDT by John Griffiths
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-12-02 13:51:02 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description John Griffiths 2005-07-25 16:10:52 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
I used /usr/bin/system-config-securitylevel and tried to open a port range using 6881-6999:tcp. system-config-securitylevel accepted the command, but when I checked it, only port 6881:tcp was opened. Am I missing something? I looked for a man page or help for system-config-securitylevel and couldn't find one. I did a google search for system-config-securitylevel and "port range" and got some stuff on ftp but nothing on actually opening a range.


Version-Release number of selected component (if applicable):
system-config-securitylevel-1.5.8.1-1

How reproducible:
Always

Steps to Reproduce:
1.run system-config-securitylevel
2.Enter a port range to open in "Other ports", i.e., 6881-6999:tcp
3.Exit
4.run system-config-securitylevel
5.Only first port shows in "Other ports", i.e., 6881:tcp
  

Actual Results:  Only first port shows in "Other ports", i.e., 6881:tcp

Expected Results:  A port range should have been created.

Additional info:

This makes it impossible to participate in a bittorent community.

Comment 1 Chris Lumens 2005-08-03 10:34:58 EDT

No, you're not missing anything.  s-c-securitylevel doesn't currently support
adding ranges.

Comment 2 John Griffiths 2005-08-03 12:01:37 EDT

The option -dport will accept a range according to the man page for iptables. If
I hand edit the /etc/sysconfig/iptables file to specify a range, will the
firewall accept it?

Comment 3 John Griffiths 2005-08-03 12:10:03 EDT

Answered my own question. Tried it. iptables -L lists the rule so it appears
this works. Of course now I cannot use system-config-securitylevel or it will
overwrite the rule and drop the port range.

Comment 4 John Griffiths 2005-08-03 15:07:27 EDT

Further comment. I can still use system-config-securitylevel to change SELinux
enforcing without rewriting the /etc/sysconfig/iptables file. I cannot change
the firewall ports or the iptables file is overwritten.

Seems this might be a fairly simple enhancement. system-config-securitylevel
will already accept ip-ip:tcp as a iprange on the "other ports" section. It just
does not parse and write the range. The output of system-config-securitylevel
could process the string before the : as it currently does and substitute a
colon for the dash since the format for a range is 

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6881:6999 -j
ACCEPT

Just a thought.

Note You need to log in before you can comment on or make changes to this bug.