Bug 72636 - Lokkit doesn't block anything under high security
Status: CLOSED NOTABUG
Product: Red Hat Public Beta
Classification: Retired
Component: gnome-lokkit
i386 Linux
medium Severity medium
Assigned To: Bill Nottingham
Ben Levenson
Reported: 2002-08-26 04:01 EDT by Fred New
Modified: 2014-03-16 22:30 EDT
Doc Type: Bug Fix
Last Closed: 2002-08-26 04:01:16 EDT

Description Fred New 2002-08-26 04:01:10 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020809

Description of problem:
I ran lokkit from an SSH session, requesting high security and an open SSH port.
Listing iptables afterwards showed that all ports were open with all protocols.

Version-Release number of selected component (if applicable):
lokkit-0.50-17

How reproducible:
Always

Steps to Reproduce:
1. From a virtual terminal, enter "lokkit".
2. Select "high" and "customize"
3. Select SSH.
4. Select OK
5. Select OK
6. iptables --list

Actual Results:  The first few lines for the RH-Lokkit-0-50-INPUT table show the
following:

target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Expected Results:  Instead of

ACCEPT     all  --  anywhere             anywhere

I expect to see something like the following to permit X to run:

ACCEPT     tcp  --  localhost.localdomain  localhost.localdomain
ACCEPT     udp  --  localhost.localdomain  localhost.localdomain

Additional info:
Comment 1 Bill Nottingham 2002-08-27 21:28:29 EDT
That 'anywhere' line is for traffic over the loopback interface.
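
Added example (not part of the original report or of lokkit's code): `iptables --list` without `-v` omits the interface columns, so a rule restricted to `-i lo` prints as `ACCEPT all -- anywhere anywhere`. The function below reads rules in `iptables-save` format and separates ACCEPT rules with no match at all from those scoped only by interface; the sample ruleset is constructed, and `EXAMPLE-INPUT` is a hypothetical chain.

```shell
#!/usr/bin/env bash
# Classify ACCEPT rules that carry no protocol, address or port match.
# Input: rules in iptables-save format on stdin.
#   OPEN     - no match at all: every packet reaching the rule is accepted
#   LOOPBACK - limited to "-i lo"; prints as "anywhere anywhere" without -v
#   REVIEW   - limited only by some other or negated interface match
classify_accepts() {
  awk '
    $1 == "-A" {
      target = ""; flag = ""; iface = ""; nif = 0; neg = 0; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j")                    { i++; target = $i }
        else if ($i == "!")                { neg = 1 }
        else if ($i == "-i" || $i == "-o") {
          flag = $i; i++
          if ($i == "!") { neg = 1; i++ }  # older "-i ! lo" spelling
          iface = $i; nif++
        }
        else                               { other = 1 }
      }
      # Rules narrowed by protocol, port or address are out of scope here.
      if (target != "ACCEPT" || other) next
      if (nif == 0) { verdict = "OPEN" }
      else if (nif == 1 && flag == "-i" && iface == "lo" && !neg) { verdict = "LOOPBACK" }
      else { verdict = "REVIEW" }
      print verdict ": " $0
    }'
}

# Constructed sample: the chain name RH-Lokkit-0-50-INPUT is from the report;
# the rules themselves are illustrative, and EXAMPLE-INPUT is hypothetical.
sample_rules() {
  cat <<'EOF'
*filter
:RH-Lokkit-0-50-INPUT - [0:0]
:EXAMPLE-INPUT - [0:0]
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A EXAMPLE-INPUT -j ACCEPT
-A EXAMPLE-INPUT ! -i lo -j ACCEPT
COMMIT
EOF
}

sample_rules | classify_accepts
```

On a live host, pipe `iptables-save` (run as root) into `classify_accepts`, or run `iptables --list -v` to see the `in` and `out` interface columns directly.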
