Bug 207066 - system-config-securitylevel opens ports invisibly, without documenting why
system-config-securitylevel opens ports invisibly, without documenting why
Status: CLOSED DUPLICATE of bug 181397
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
http://www.obviously.com/
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-18 22:52 EDT by Bryce Nesbitt
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-25 11:47:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bryce Nesbitt 2006-09-18 22:52:31 EDT
The file I CAN change to affect the firewall:

# cat /etc/sysconfig/system-config-securitylevel
--enabled
--port=8080:tcp
--port=8081:tcp
--port=514:udp
--port=22:tcp
--port=80:tcp
--port=443:tcp

And the one that is USED:

# cat /etc/sysconfig/iptables
...
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
...


Differ.  Firewall configuration is tricky -- and you don't want to leave unknown
services enabled.  I'm concerned that "extra" ports are left enabled in the
default configuration.

I think that system-config-securitylevel should either open exactly the ports in
/etc/sysconfig/system-config-securitylevel, or at least document WHERE the
additional port holes are sourced from.

Documentation in general would help... what's the format of
/etc/sysconfig/system-config-securitylevel ? Can I use it to restrict at
particular port opening to an IP address range?  Or is it limited to what I see?
Comment 1 Chris Lumens 2006-09-25 11:47:44 EDT

*** This bug has been marked as a duplicate of 181397 ***

Note You need to log in before you can comment on or make changes to this bug.