Bug 164187 - Unable to configure port range in Other Ports
Unable to configure port range in Other Ports
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2005-07-25 16:10 EDT by John Griffiths
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-12-02 13:51:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Griffiths 2005-07-25 16:10:52 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
I used /usr/bin/system-config-securitylevel and tried to open a port range using 6881-6999:tcp. system-config-securitylevel accepted the command, but when I checked it, only port 6881:tcp was opened. Am I missing something? I looked for a man page or help for system-config-securitylevel and couldn't find one. I did a google search for system-config-securitylevel and "port range" and got some stuff on ftp but nothing on actually opening a range.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.run system-config-securitylevel
2.Enter a port range to open in "Other ports", i.e., 6881-6999:tcp
4.run system-config-securitylevel
5.Only first port shows in "Other ports", i.e., 6881:tcp

Actual Results:  Only first port shows in "Other ports", i.e., 6881:tcp

Expected Results:  A port range should have been created.

Additional info:

This makes it impossible to participate in a bittorent community.
Comment 1 Chris Lumens 2005-08-03 10:34:58 EDT
No, you're not missing anything.  s-c-securitylevel doesn't currently support
adding ranges.
Comment 2 John Griffiths 2005-08-03 12:01:37 EDT
The option -dport will accept a range according to the man page for iptables. If
I hand edit the /etc/sysconfig/iptables file to specify a range, will the
firewall accept it?
Comment 3 John Griffiths 2005-08-03 12:10:03 EDT
Answered my own question. Tried it. iptables -L lists the rule so it appears
this works. Of course now I cannot use system-config-securitylevel or it will
overwrite the rule and drop the port range.
Comment 4 John Griffiths 2005-08-03 15:07:27 EDT
Further comment. I can still use system-config-securitylevel to change SELinux
enforcing without rewriting the /etc/sysconfig/iptables file. I cannot change
the firewall ports or the iptables file is overwritten.

Seems this might be a fairly simple enhancement. system-config-securitylevel
will already accept ip-ip:tcp as a iprange on the "other ports" section. It just
does not parse and write the range. The output of system-config-securitylevel
could process the string before the : as it currently does and substitute a
colon for the dash since the format for a range is 

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6881:6999 -j

Just a thought.

Note You need to log in before you can comment on or make changes to this bug.