system-config-securitylevel (partially) useless?
sjoerd at acm.org
Mon Jun 11 20:35:07 UTC 2007
I just discovered the checkmark with file selector "Use the custom rules
file" in the Advanced Options tab of system-config-securitylevel (System
-> Administration -> Firewall and SELinux). Is it me or is it totally
The blurb says that you can add additional rules to be added after the
defaults. So the rules that you add are added after the rule
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
which means that your extra rules are never actually used. All input
packets have already been directed to the REJECT rule by the time the
extra rules are seen.
Or am I missing something here?
If it's not me but the program, I'll bugzilla this.
This is in Fedora7 and system-config-securitylevel-1.7.0-1.fc7.
More information about the fedora-list