From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901 Description of problem: After checkmarking "medium" for the configuration of the firewall settings during installation, I was wondering that "ntp" didn't work out of the box as it did with "Roswell (2)", and that furthermore, "ssh" connections from the outside world were refused. "nmap <hostname>" confirmed for instance that port 123 which is used by "ntp" by default was closed, so obviously "ntp" couldn't work. I launched "lokkit" as root and set the security level to "medium". Exiting "lokkit" and relaunching "lokkit" proved the security level still to remain "high". Rebooting the machine didn't change anything either. By the way, why is there no bugzilla entry for "lokkit" whereas there is one for "gnome-lokkit"? "gnome-lokkit" is not even installed by default! Version-Release number of selected component (if applicable): lokkit-0.50-6 How reproducible: Always Steps to Reproduce: 1. Launch "lokkit" 2. Set security level from "high" to "medium" 3. Launch "lokkit" Actual Results: "Lokkit" displays "high" for the actual security level, "ntp" still doesn't work, and "ssh" connections from the outside world are still refused. This used to work with Roswell (2). Expected Results: Security level should be "medium", "ntp" should be able to use port 123 to query some remote time server, and "ssh" connections from the outside world should be accepted. Additional info:
*** This bug has been marked as a duplicate of 25510 ***
Hum, in my report, I clearly explained that it is not principally a matter of "lokkit" not being able to -display- the previous settings, but that actually the settings are -not- modified! Not displaying the actual settings is of course suboptimal, however, the crucial point is: when selecting the "medium" security level, i.e. "ssh" from the outside world are still not permitted which was absolutely not the case of "Roswell (2)" and which shows that the security level is still "high" (correct me if I'm wrong)! I thus find closing the bug a bit premature. I was perfectly aware of bug #25510, but that one is simply not relevant here!
ssh is not allowed through in *either* medium or high, unless it's specifically allowed as an exception.