FC3 and firewall rules
Rick Stevens
rstevens at vitalstream.com
Mon Mar 13 18:12:37 UTC 2006
On Mon, 2006-03-13 at 09:00 -0800, Bob Kinney wrote:
> I am curious about the philosophy of firewall management in Fedora.
>
> While trying to configure sshd on my machine, I used
> system-config-securitylevel, launched from the panel menu. ssh was
> checked as a trusted service.
>
> I couldn't connect from the remote machine, and the denied connections
> were listed in /var/log/messages.
>
> I ran firestarter, which didn't show port 22 open. I fixed that and now
> all is well.
>
> It is obvious that firestarter is much more robust for configuring security.
> What is the purpose then, for the securitylevel applet? Or, why does it
> not update iptables properly? Aside from being able to configure SELinux,
> it seems kind of useless.

Securitylevel has always been problematic in my view...so much so that
I've never used it to set up firewalls. I either roll my own or use
FireStarter.

Now they've grafted SELinux onto it. I also roll my own SEL stuff so
I can't speak to how well securitylevel deals with it, but it wouldn't
surprise me if it had issues there as well. However I'm a nerd, so I
like to do my own stuff. I'm sure there's a superior SEL package akin
to FireStarter...I've just never looked.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "I understand Windows 2000 has a Y2K problem." -
----------------------------------------------------------------------