Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 171947

Summary: It doesn't work to enable firewall and open ports by iptables instead of trusted port
Product: Red Hat Enterprise Linux 4 Reporter: Zaiwen <zaiwen>
Component: system-config-securitylevelAssignee: Chris Lumens <clumens>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-11-29 19:59:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zaiwen 2005-10-28 00:40:55 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
If I enable firewall and at the same time use iptables to open some ports instead of adding trusted ports or other ports on the gui, the ports will not be opened.  

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.4.19.1-1

How reproducible:
Always

Steps to Reproduce:
1. system-config-securitylevel, just enable firewall, nothing else. Don't add any trusted ports/devices or other ports.
2. then use iptables to add rule to open ports. For example, open telnet port: 

iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 23 -j ACCEPT

3. service iptables save
4. try to telnet from 192.168.x.x, but failed. ?????



Actual Results:  The port is not opened as specified in the iptables rule.

Expected Results:  system-config-securitylevel to enable firewall should work together with iptables rules. 

Of course I can use gui to add telnet port 23, but how about if I want to open ports from 1 to 1024? You don't expect me to add them one by one on the gui, right? 

Or this is the design that system-config-securitylevel can't work together with with iptables rules???


Additional info:
Comment 1 Chris Lumens 2005-11-01 16:07:15 UTC 
That's correct.  system-config-securitylevel assumes it's in charge of the
iptables rules.  You're limited to either using s-c-securitylevel for everything
firewall related, or not using it for anything at all.  Yes, this is a pretty
big limitation and needs work.
Comment 2 Chris Lumens 2005-11-29 19:59:46 UTC 

*** This bug has been marked as a duplicate of 138143 ***