Bug 207066 - system-config-securitylevel opens ports invisibly, without documenting why
Summary: system-config-securitylevel opens ports invisibly, without documenting why
Keywords:
Status: CLOSED DUPLICATE of bug 181397
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
URL: http://www.obviously.com/
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-19 02:52 UTC by Bryce Nesbitt
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-09-25 15:47:44 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bryce Nesbitt 2006-09-19 02:52:31 UTC 
The file I CAN change to affect the firewall:

# cat /etc/sysconfig/system-config-securitylevel
--enabled
--port=8080:tcp
--port=8081:tcp
--port=514:udp
--port=22:tcp
--port=80:tcp
--port=443:tcp

And the one that is USED:

# cat /etc/sysconfig/iptables
...
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
...


Differ.  Firewall configuration is tricky -- and you don't want to leave unknown
services enabled.  I'm concerned that "extra" ports are left enabled in the
default configuration.

I think that system-config-securitylevel should either open exactly the ports in
/etc/sysconfig/system-config-securitylevel, or at least document WHERE the
additional port holes are sourced from.

Documentation in general would help... what's the format of
/etc/sysconfig/system-config-securitylevel ? Can I use it to restrict at
particular port opening to an IP address range?  Or is it limited to what I see?
Comment 1 Chris Lumens 2006-09-25 15:47:44 UTC 

*** This bug has been marked as a duplicate of 181397 ***
Note You need to log in before you can comment on or make changes to this bug.