Red Hat Bugzilla – Bug 171947
It doesn't work to enable firewall and open ports by iptables instead of trusted port
Last modified: 2007-11-30 17:07:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Description of problem:
If I enable firewall and at the same time use iptables to open some ports instead of adding trusted ports or other ports on the gui, the ports will not be opened.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. system-config-securitylevel, just enable firewall, nothing else. Don't add any trusted ports/devices or other ports.
2. then use iptables to add rule to open ports. For example, open telnet port:
iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 23 -j ACCEPT
3. service iptables save
4. try to telnet from 192.168.x.x, but failed. ?????
Actual Results: The port is not opened as specified in the iptables rule.
Expected Results: system-config-securitylevel to enable firewall should work together with iptables rules.
Of course I can use gui to add telnet port 23, but how about if I want to open ports from 1 to 1024? You don't expect me to add them one by one on the gui, right?
Or this is the design that system-config-securitylevel can't work together with with iptables rules???
That's correct. system-config-securitylevel assumes it's in charge of the
iptables rules. You're limited to either using s-c-securitylevel for everything
firewall related, or not using it for anything at all. Yes, this is a pretty
big limitation and needs work.
*** This bug has been marked as a duplicate of 138143 ***