system-config-securitylevel (partially) useless?

Sjoerd Mullender sjoerd at
Mon Jun 11 20:35:07 UTC 2007

I just discovered the checkmark with file selector "Use the custom rules
file" in the Advanced Options tab of system-config-securitylevel (System
-> Administration -> Firewall and SELinux).  Is it me or is it totally

The blurb says that you can add additional rules to be added after the
defaults.  So the rules that you add are added after the rule

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

which means that your extra rules are never actually used.  All input
packets have already been directed to the REJECT rule by the time the
extra rules are seen.

Or am I missing something here?

If it's not me but the program, I'll bugzilla this.

This is in Fedora 7 and system-config-securitylevel-1.7.0-1.fc7.

Sjoerd Mullender
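
The rule-ordering effect described in the message, as an added example that is not part of the original post: a Python check over iptables-save style output that reports rules placed after an unconditional terminating rule in the same chain and table. The sample ruleset is constructed, and the port 8080 rule is a hypothetical custom rule appended after the defaults.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}       # targets that end traversal
TARGET_OPTS = {"-j", "--jump", "--reject-with"}  # name/tune the target, match nothing

# Constructed sample in iptables-save format; the port 8080 rule stands in
# for a hypothetical custom rule appended after the defaults.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp --dport 8080 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Return (chain, target, has_match) for an '-A' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rest, target, has_match, i = tok[2:], None, False, 0
    while i < len(rest):
        if rest[i] in TARGET_OPTS:
            if rest[i] in ("-j", "--jump") and i + 1 < len(rest):
                target = rest[i + 1]
            i += 2            # skip the option and its argument
        else:
            has_match = True  # anything else narrows which packets match
            i += 1
    return tok[1], target, has_match

def shadowed_rules(ruleset):
    """Return (line_no, rule) for rules placed after a catch-all terminating rule."""
    closed, hits = {}, []     # closed: chain -> line of its catch-all rule
    for no, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            closed.clear()    # chains are per table (filter, nat, mangle)
            continue
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, target, has_match = parsed
        if chain in closed:
            hits.append((no, line))
        elif target in TERMINATING and not has_match:
            closed[chain] = no
    return hits
```

Running `shadowed_rules` on the saved ruleset after applying a custom rules file shows whether any appended rule landed behind the catch-all REJECT; rules in a different table or chain are not flagged.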
