Bug 72636 - Lokkit doesn't block anything under high security
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: gnome-lokkit
Version: null
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2002-08-26 08:01 UTC by Fred New
Modified: 2014-03-17 02:30 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-08-26 08:01:16 UTC
Embargoed:



Description Fred New 2002-08-26 08:01:10 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020809

Description of problem:
I ran lokkit from an SSH session, requesting high security and an open SSH port.
Listing iptables afterwards showed that all ports were open with all protocols.

Version-Release number of selected component (if applicable):
lokkit-0.50-17

How reproducible:
Always

Steps to Reproduce:
1. From a virtual terminal, enter "lokkit".
2. Select "high" and "customize"
3. Select SSH.
4. Select OK
5. Select OK
6. iptables --list

Actual Results:  The first few lines for the RH-Lokkit-0-50-INPUT table show the
following:

target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere

Expected Results:  Instead of

ACCEPT     all  --  anywhere             anywhere

I expect to see something like the following to permit X to run:

ACCEPT     tcp  --  localhost.localdomain  localhost.localdomain
ACCEPT     udp  --  localhost.localdomain  localhost.localdomain

Additional info:

Comment 1 Bill Nottingham 2002-08-28 01:28:29 UTC
That 'anywhere' line is for traffic over the loopback interface.
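
Plain `iptables --list` omits the in/out interface columns, so a rule bound to the loopback interface prints exactly like one that accepts everything; adding `-v` shows the difference. The script below is an added example, not part of the original report or of lokkit: the sample text is constructed to mirror the reporter's two rules as `iptables -L -n -v` would print them (assuming the second rule is bound to `lo`, as Comment 1 describes), and the `EXAMPLE-OPEN` chain and the `audit_accept_all` function are hypothetical names.

```shell
#!/bin/sh
# Added example: classify ACCEPT rules that plain `iptables --list` prints as
# "ACCEPT all -- anywhere anywhere" by the input interface that -v reveals.

# Constructed sample: the reporter's two rules in `iptables -L -n -v` form,
# plus a constructed chain holding a genuinely open rule for contrast.
SAMPLE='Chain RH-Lokkit-0-50-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain EXAMPLE-OPEN (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Reads `iptables -L -n -v` text on stdin and prints one line per matching
# rule: "<chain> <in-iface> <verdict>".
audit_accept_all() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 == "pkts" || NF == 0 { next }   # column header and blank lines
        # Fields: pkts bytes target prot opt in out source destination [matches]
        # NF == 9 means no extra match (port, state, ...) narrows the rule.
        # Newer iptables prints the protocol as "0" instead of "all" under -n.
        $3 == "ACCEPT" && ($4 == "all" || $4 == "0") &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9 {
            if ($6 == "lo")     verdict = "loopback-only"
            else if ($6 == "*") verdict = "OPEN-any-interface"
            else                verdict = "interface-scoped"
            print chain, $6, verdict
        }
    '
}

printf '%s\n' "$SAMPLE" | audit_accept_all
```

On a live host, pipe `iptables -L -n -v` (run as root) into `audit_accept_all` instead of the sample.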

