From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
system-config-securitylevel should not commit functions of iptables and selinux in one sweep. if you have custom iptables rules or scripts (not configured with system-config-securitylevel) and you open system-config-securitylevel to make a change for selinux, your iptables rules are lost.

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.5.8.1-1

How reproducible:
Always

Steps to Reproduce:
1. create and enable some custom iptables rules without system-config-securitylevel
2. open system-config-securitylevel and make a change to a selinux boolean
3. apply changes

Actual Results:
the custom iptables rules that were either too complicated or too specific for system-config-securitylevel to create (so you created them manually with iptables) are deleted and you are left with no firewall.

Expected Results:
the functions of a firewall and selinux, while both security related and both important, are very separate things and should not be combined in one gui, especially when the gui has not been designed to take into account each and every variable that you may want to include in an iptables rule. optimally, this gui would be split into its two parts. or, one should be allowed to choose which part they want to work with or, the gui should encompass and pull all possible iptables rules/targets from current configurations.

Additional info:

(In reply to comment #0)
> From Bugzilla Helper:
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7
>
> Description of problem:
> system-config-securitylevel should not commit functions of iptables and selinux in one sweep. if you have custom iptables rules or scripts (not configured with system-config-securitylevel) and you open system-config-securitylevel to make a change for selinux, your iptables rules are lost.
>

The GUI settings for Firewall and SELinux are in separate tabs in the GUI. SELinux configuration in the GUI is completely unrelated to the iptables related firewall settings. Changing SELinux configuration would not affect any iptables rules. If it does so, that's a bug that needs to be filed as a separate bug report with the relevant information to reproduce this.

ok, see the new bug #173231:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173231

system-config-securitylevel deletes /etc/sysconfig/iptables and if you reboot or restart iptables, you lose your firewall.