The file I CAN change to affect the firewall:

# cat /etc/sysconfig/system-config-securitylevel
--enabled
--port=8080:tcp
--port=8081:tcp
--port=514:udp
--port=22:tcp
--port=80:tcp
--port=443:tcp

And the one that is USED:

# cat /etc/sysconfig/iptables
...
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
...

Differ.

Firewall configuration is tricky -- and you don't want to leave unknown services enabled. I'm concerned that "extra" ports are left enabled in the default configuration.

I think that system-config-securitylevel should either open exactly the ports in /etc/sysconfig/system-config-securitylevel, or at least document WHERE the additional port holes are sourced from.

Documentation in general would help... what's the format of /etc/sysconfig/system-config-securitylevel? Can I use it to restrict a particular port opening to an IP address range? Or is it limited to what I see?
*** This bug has been marked as a duplicate of 181397 ***
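
An added example, not part of the original report or of system-config-securitylevel: a Python check that lists every ACCEPT rule in the generated iptables file that no `--port=` entry accounts for, and every requested port that has no rule. The sample file contents are constructed; the `-m state` rule layout and the function names are assumptions.

```python
import shlex

# Constructed samples. The "-p 50", "-p 51" and 5353 rules are quoted in the
# report; the "-m state" rules and the REJECT line are assumed for illustration.
SECURITYLEVEL = "--enabled\n--port=8080:tcp\n--port=514:udp\n--port=22:tcp\n"
IPTABLES = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def requested_ports(text):
    """Return {(proto, port)} for every --port=PORT:PROTO option."""
    ports = set()
    for tok in shlex.split(text, comments=True):
        if tok.startswith("--port="):
            port, _, proto = tok[len("--port="):].partition(":")
            ports.add((proto, port))
    return ports

def opt(tokens, *flags):
    """Return the value following the first of `flags`, or None."""
    return next((tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in flags), None)

def audit(config_text, rules_text, chain="RH-Firewall-1-INPUT"):
    """Return (ACCEPT rules with no matching --port, requested ports with no rule)."""
    wanted, seen, extra = requested_ports(config_text), set(), []
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", chain] or opt(tok, "-j", "--jump") != "ACCEPT":
            continue
        key = (opt(tok, "-p", "--protocol"), opt(tok, "--dport", "--destination-port"))
        if key in wanted:
            seen.add(key)
        else:
            extra.append(line.strip())
    return extra, sorted(wanted - seen)

if __name__ == "__main__":
    extra, missing = audit(SECURITYLEVEL, IPTABLES)
    print("ACCEPT rules not traceable to a --port entry:", *extra, sep="\n  ")
    print("Requested ports with no ACCEPT rule:", missing)
```

On a real host, pass the contents of /etc/sysconfig/system-config-securitylevel and /etc/sysconfig/iptables to `audit()` instead of the samples.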