From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; U; Linux 2.2.16-3 i686)

On installation I selected the "medium" firewall option, and allowed incoming ssh. I have done this with both the text and the graphic installation. The chains that get set up are (ipchains -L -n):

Chain input (policy ACCEPT):
target  prot  opt     source        destination  ports
ACCEPT  udp   ------  199.99.226.3  0.0.0.0/0    53 -> *
ACCEPT  udp   ------  199.99.226.3  0.0.0.0/0    53 -> *
ACCEPT  udp   ------  199.99.226.3  0.0.0.0/0    53 -> *
ACCEPT  tcp   -y----  0.0.0.0/0     0.0.0.0/0    * -> 22
ACCEPT  all   ------  0.0.0.0/0     0.0.0.0/0    n/a
ACCEPT  all   ------  0.0.0.0/0     0.0.0.0/0    n/a
DENY    tcp   -y----  0.0.0.0/0     0.0.0.0/0    * -> 0:1023
DENY    tcp   -y----  0.0.0.0/0     0.0.0.0/0    * -> 2049
DENY    udp   ------  0.0.0.0/0     0.0.0.0/0    * -> 0:1023
DENY    udp   ------  0.0.0.0/0     0.0.0.0/0    * -> 2049
DENY    tcp   -y----  0.0.0.0/0     0.0.0.0/0    * -> 6000:6009
DENY    tcp   -y----  0.0.0.0/0     0.0.0.0/0    * -> 7100
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Note the 'ACCEPT all 0.0.0.0 0.0.0.0' lines *before* any of the deny items. This accepts all incoming packets.

Reproducible: Always

Steps to Reproduce:
1. perform install
2. choose "medium" firewall
3. allow ssh connects (This is the only scenario I have tested)

Actual Results: see description.

Expected Results: The chains should not be accepting all packets. At a minimum the 'ACCEPT all' lines should not be there.

What does your /etc/resolv.conf look like?

--------resolv.conf------------
nameserver 199.99.226.3
-----end resolv.conf

ipchains -L -n hides one important piece of information -- the interface. The ACCEPT lines are actually limited to the lo and eth1 interfaces:

...
6      420    ACCEPT  all  ------  0xFF 0x00  lo    0.0.0.0/0  0.0.0.0/0  n/a
16554  2483K  ACCEPT  all  ------  0xFF 0x00  eth1  0.0.0.0/0  0.0.0.0/0  n/a
...
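
The check discussed in this thread, as an added example that is not part of the original report or of any Red Hat tool: it reads a verbose listing (`ipchains -L -n -v`), applies first-match-wins ordering, and reports on which interfaces an "ACCEPT all" rule pre-empts the later DENY rules. Assumptions: the column layout is the one quoted in the last comment, a rule with no interface prints `*` or `any` in the ifname column, and every sample line other than the two "ACCEPT all" lines is constructed.

```python
import re

# Constructed sample. Column layout follows the verbose lines quoted in the
# last comment: pkts bytes target prot opt tosa tosx ifname source dest ports.
# The two "ACCEPT all" lines are from the thread; the rest are made up.
SAMPLE = """\
   12   900 ACCEPT tcp -y---- 0xFF 0x00 *    0.0.0.0/0 0.0.0.0/0 * -> 22
    6   420 ACCEPT all ------ 0xFF 0x00 lo   0.0.0.0/0 0.0.0.0/0 n/a
16554 2483K ACCEPT all ------ 0xFF 0x00 eth1 0.0.0.0/0 0.0.0.0/0 n/a
    0     0 DENY   tcp -y---- 0xFF 0x00 *    0.0.0.0/0 0.0.0.0/0 * -> 0:1023
    0     0 DENY   udp ------ 0xFF 0x00 *    0.0.0.0/0 0.0.0.0/0 * -> 2049
"""
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "tosa", "tosx",
          "ifname", "source", "destination")
ANY_IF = {"*", "any"}   # assumption: how a rule with no interface is printed
ANY_NET = "0.0.0.0/0"

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) <= len(FIELDS) or not re.fullmatch(r"\d+[KMG]?", parts[0]):
            continue  # chain title, column header or blank line
        rule = dict(zip(FIELDS, parts))
        rule["ports"] = " ".join(parts[len(FIELDS):])
        rules.append(rule)
    return rules

def audit(text):
    """First match wins: report where an ACCEPT-all rule pre-empts later DENYs."""
    trusted, bypassed = [], []
    for r in parse_rules(text):
        if (r["target"], r["prot"], r["source"], r["destination"]) == \
                ("ACCEPT", "all", ANY_NET, ANY_NET):
            trusted.append(r["ifname"])
        elif r["target"] in ("DENY", "REJECT"):
            if any(i in ANY_IF for i in trusted):
                where = ["*"]                      # dead on every interface
            elif r["ifname"] in ANY_IF:
                where = list(trusted)              # dead only on trusted ones
            else:
                where = [i for i in trusted if i == r["ifname"]]
            if where:
                bypassed.append((r["prot"], r["ports"], where))
    return {"open_everywhere": any(i in ANY_IF for i in trusted),
            "trusted_interfaces": trusted, "bypassed": bypassed}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, `open_everywhere` is false and the DENY rules are bypassed only on lo and eth1; the same rules with no interface binding would report `open_everywhere` as true.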