Red Hat Bugzilla – Bug 503588
'Other Port' validation broken
Last modified: 2013-04-12 16:17:10 EDT
Description of problem:
Validation of the "Other Ports" in system-config-securitylevel is broken. When a port is entered, its service name is derived and then added to the list. So in case of service names with hyphens, they are assumed to be port ranges and are split and the individual sections are found to be invalid.
This way, even when such ports are added, they are not visible in the list. You can see that the rules have been added with iptables-save. Subsequent changes to ports in system-config-securitylevel will remove the rules added for those earlier ports.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start system-config-securitylevel
2. Click on the "Other Ports" section
3. Click on "Add"
4. Enter 1156 as port. Leave protocol as tcp
5. Press OK
6. Press Apply and Ok to close
The firewall rule for 1156 has been applied but it is not seen as added in system-config-securitylevel
1156 should be visible in system-config-securitylevel as iascontrol-oms
s-c-securitylevel 1.6.30 fixes this condition, but at the same time this version does not have any real validation at all. The rule for validation is effectively, "It should be a number, range of numbers or characters," but there is no validation of whether the characters represent a valid service name.
Created attachment 346130 [details]
patch to fix validation
This is a patch from Siddhesh Poyarekar <firstname.lastname@example.org> to validate numeric ports and if false, check for validity of the service name.
Created attachment 346257 [details]
Fix for the failing check of a single service name containing a '-'.
Thanks for your patch from comment #1, but it
- dropped support for port ranges with service names.
- disabled the check for ports > 65535. (rhbz#247608)
Please have a look at this valid port range: ftp-data-ftp:tcp (20-21:tcp).
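
Added example, not the attached patch or system-config-securitylevel's own code: one validation order that covers the cases raised in this report (hyphenated service names, ranges built from service names, and the upper port bound). The `SERVICES` table is a constructed stand-in for /etc/services, the function names are hypothetical, and treating port 0 as invalid is an assumption.

```python
import re

# Constructed stand-in for /etc/services so the example runs offline.
SERVICES = {
    ("ftp-data", "tcp"): 20,
    ("ftp", "tcp"): 21,
    ("iascontrol-oms", "tcp"): 1156,
}
MAX_PORT = 65535


def resolve_one(token, proto):
    """Return the port for a numeric string or known service name, else None."""
    if re.fullmatch(r"[0-9]+", token):
        port = int(token)
        # Reject out-of-range numbers instead of passing them to the firewall.
        return port if 0 < port <= MAX_PORT else None
    return SERVICES.get((token, proto))


def parse_port_entry(entry):
    """Parse 'spec:proto' into (low, high, proto); raise ValueError if invalid."""
    spec, sep, proto = entry.rpartition(":")
    if not sep or not spec or proto not in ("tcp", "udp"):
        raise ValueError("expected <port|service|range>:<tcp|udp>: %r" % entry)

    # 1. Try the whole spec first, so a hyphenated service name
    #    such as iascontrol-oms is never split as a range.
    port = resolve_one(spec, proto)
    if port is not None:
        return (port, port, proto)

    # 2. Otherwise try each hyphen as the range separator; both sides
    #    must resolve (number or service name) and be in order.
    for i, ch in enumerate(spec):
        if ch != "-":
            continue
        low = resolve_one(spec[:i], proto)
        high = resolve_one(spec[i + 1:], proto)
        if low is not None and high is not None and low <= high:
            return (low, high, proto)

    # 3. Unknown names and malformed ranges are rejected, not stored.
    raise ValueError("not a valid port, service name or range: %r" % entry)
```

Rejecting an entry before it is written keeps the list shown in the tool consistent with the rules that iptables-save reports.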
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.