Red Hat Bugzilla – Bug 55289
Lokkit does not allow to modify security level
Last modified: 2014-03-16 22:24:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901
Description of problem:
After checkmarking "medium" for the configuration of the firewall settings
during installation, I was surprised that "ntp" didn't work out of the box
as it did with "Roswell (2)", and that furthermore, "ssh" connections from
the outside world were refused. "nmap <hostname>" confirmed for instance
that port 123 which is used by "ntp" by default was closed, so obviously
"ntp" couldn't work. I launched "lokkit" as root and set the security level
to "medium". Exiting "lokkit" and relaunching "lokkit" proved the security
level still to remain "high". Rebooting the machine didn't change anything
either. By the way, why is there no bugzilla entry for "lokkit" whereas
there is one for "gnome-lokkit"? "gnome-lokkit" is not even installed by
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Launch "lokkit"
2. Set security level from "high" to "medium"
3. Launch "lokkit"
Actual Results: "Lokkit" displays "high" for the actual security level,
"ntp" still doesn't work, and "ssh" connections from the outside world are
still refused. This used to work with Roswell (2).
Expected Results: Security level should be "medium", "ntp" should be able
to use port 123 to query some remote time server, and "ssh" connections
from the outside world should be accepted.
*** This bug has been marked as a duplicate of 25510 ***
Hum, in my report, I clearly explained that it is not principally a matter of
"lokkit" not being able to -display- the previous settings, but that actually
the settings are -not- modified! Not displaying the actual settings is of course
suboptimal, however, the crucial point is: when selecting the "medium" security
level, i.e. "ssh" connections from the outside world are still not permitted, which was
absolutely not the case of "Roswell (2)" and which shows that the security level
is still "high" (correct me if I'm wrong)! I thus find closing the bug a bit
premature. I was perfectly aware of bug #25510, but that one is simply not
ssh is not allowed through in *either* medium or high, unless it's specifically
allowed as an exception.