Red Hat Bugzilla – Bug 216196
Port 5222 overlaid upon exit of Security Level Configuration GUI
Last modified: 2007-11-30 17:11:49 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Description of problem:
Upon reenter of firewall GUI, System, Administration, Security Level and Firewall, in the Security Level Configuration window, port 5222 is added and is then overlaid by subsequent access to that GUI unless 5222 is added each time. The port becomes blocked by the firewall when this occurs because the port is no longer actively punched through.
Essentially the add of of the 5222 port is only active if specified to be: other ports, add 5222, every time the GUI is entered.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Console access to FC5 server, logged in as root
2. System, Administration, Security Level and Firewall, Security Level Configuration window
3. Firewall options: enabled
4. In this case https and ssl are enabled but this is irrelevant.
5. Other ports, ADD, 5222
7. Port has become enabled.
8. reenter #2 above and add anything, remove anything, or do nothing, and exit
9. the configuration is overwritten (as expected) except
10. Port 5222 has vanished and is therefore blocked on the firewall.
When you reenter the firewall from the GUI, under Security Level Configuration, port 5222 is no longer there. If you do anything or nothing further and then exit, the configuration is overlaid. Once the configuration is overlaid, the 5222 port no longer is "added".
Once the port has been added through the Add option in the GUI under Security Level Configuration, it should remain there until removed by request (the remove button).
"Not all port changes done with the GUI are picked back up by the GUI on subsequent edits. The overwrite then blows the omitted ports away. For whatever reason, the GUI refuses to recognize 5222 when you reopen it for edit. It's like it's not there and when you hit OK, it isn't. It gets overridden and thus blocked."
This should be fixed in the system-config-securitylevel in fc5-updates. Please
upgrade to that and see if you are still seeing this problem. If so, feel free
to reopen this bug.