FC3 and firewall rules 2006-03-13 - By Rick Stevens
On Mon, 2006-03-13 at 09:00 -0800, Bob Kinney wrote:
> I am curious about the philosophy of firewall management in Fedora.
>
> While trying to configure sshd on my machine, I used
> system-config-securitylevel, launched from the panel menu. ssh was
> checked as a trusted service.
>
> I couldn't connect from the remote machine, and the denied connections
> were listed in /var/log/messages.
>
> I ran firestarter, which didn't show port 22 open. I fixed that and now
> all is well.
>
> It is obvious that firestarter is much more robust for configuring security.
> What is the purpose then, for the securitylevel applet? Or, why does it
> not update the iptable properly? Aside from being able to configure SElinux,
> it seems kind of useless.
Securitylevel has always been problematic in my view...so much so that I've never used it to set up firewalls. I either roll my own or use FireStarter.
Now they've grafted SELinux onto it. I also roll my own SEL stuff so I can't speak to how well securitylevel deals with it, but it wouldn't surprise me if it had issues there as well. However I'm a nerd, so I like to do my own stuff. I'm sure there's a superior SEL package akin to FireStarter...I've just never looked.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@(protected)     -
- VitalStream, Inc.                    http://www.vitalstream.com    -
-                                                                    -
-        "I understand Windows 2000 has a Y2K problem."              -
----------------------------------------------------------------------