system-config-securitylevel (partially) useless?
David Timms
dtimms at iinet.net.au
Mon Jun 11 22:33:06 UTC 2007
Sjoerd Mullender wrote:
> I just discovered the checkmark with file selector "Use the custom rules
> file" in the Advanced Options tab of system-config-securitylevel (System
> -> Administration -> Firewall and SELinux). Is it me or is it totally
> useless?
>
> The blurb says that you can add additional rules to be added after the
> defaults. So the rules that you add are added after the rule
>
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>
> which means that your extra rules are never actually used. All input
> packets have already been directed to the REJECT rule by the time the
> extra rules are seen.
>
> Or am I missing something here?
>
> If it's not me but the program, I'll bugzilla this.
>
> This is in Fedora7 and system-config-securitylevel-1.7.0-1.fc7.
So maybe you can iptables --list before and after you try it out, and
tell us where the rule gets inserted?
If it works correctly, you could file a bug for the help text; if not,
file a bug about it not working and why.
DaveT.
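
The before/after comparison suggested in this thread can be automated. The following is an added example, not part of the original posts and not code from system-config-securitylevel: it reads `iptables-save`-style text and reports every rule appended after an unconditional ACCEPT/DROP/REJECT in the same chain. The sample ruleset (including the port 8080 rule) is constructed, and a rule is assumed to be unconditional when `-j` directly follows the chain name.

```python
import shlex

# Targets that end chain traversal for a packet once the rule matches.
TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in iptables-save format: a custom rule (port 8080)
# appended after the catch-all REJECT quoted in the thread.
SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
COMMIT
"""


def shadowed_rules(ruleset):
    """Return (chain, catch_all_rule, shadowed_rule) tuples for rules that
    follow an unconditional terminal rule in the same chain."""
    catch_all = {}  # chain name -> first unconditional terminal rule seen
    findings = []
    for raw in ruleset.splitlines():
        line = raw.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        tokens = shlex.split(line)
        if len(tokens) < 4:
            continue
        chain = tokens[1]
        if chain in catch_all:
            # Anything appended after the catch-all can never match.
            findings.append((chain, catch_all[chain], line))
        elif tokens[2] in ("-j", "--jump") and tokens[3] in TERMINAL_TARGETS:
            # Assumption: no match options before -j means "matches everything".
            catch_all[chain] = line
    return findings


if __name__ == "__main__":
    for chain, blocker, rule in shadowed_rules(SAMPLE_RULESET):
        print(f"[{chain}] unreachable: {rule}\n    shadowed by: {blocker}")
```

Saving the output of `iptables-save` before and after enabling the custom rules file and passing each to `shadowed_rules()` shows whether the added rules landed behind the REJECT.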