Why doesn't redhat-config-securitylevel's iptables rules work?
If I turn off EVERYTHING (www, ftp, ssh, etc) and save, and even
manually restart iptables (# /sbin/service iptables restart) other
computers on my network can access www (even on weird, non-standard
ports with http servers on them) ftp, ssh, etc.
This is where it gets a little odd for me. 'Other computers on my network can access www' What are these other computers? Unless they gain access to Internet *through* your Fedora machine, the Fedora machines firewall has NOTHING to do with those machines.
The current redhat-config-securitylevel tool works on rules that control access to services running on the Fedora box, and cannot influence any other machine attached to the same network accessing other machines on that network.
So whats the point of even including that tool if it doesn't do
anything? I dont understand how it just flat out doesn't work. I have no
idea how iptables works, and because there's no documentation out there
for beginners who just want a script that's for eth0 with a simple www,
ssh and ftp server(s), Im stuck using rh's tools, which don't do
anything. there's no security here.
I can help. I suggest you go and seek the most basic understanding of the nature of tcp/ip and ethernet networks, and have a good think about it..
The redhat-config-securitylevel tool does pretty much exactly what it is designed to do - Set up iptables rules to assist in controlling access to services running on the host machine.
Cheers, Michael
