I just discovered the checkmark with file selector "Use the custom rules file" in the Advanced Options tab of system-config-securitylevel (System -> Administration -> Firewall and SELinux). Is it me or is it totally useless? The blurb says that you can add additional rules to be added after the defaults. So the rules that you add are added after the rule -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited which means that your extra rules are never actually used. All input packets have already been directed to the REJECT rule by the time the extra rules are seen. Or am I missing something here? If it's not me but the program, I'll bugzilla this. This is in Fedora7 and system-config-securitylevel-1.7.0-1.fc7. -- Sjoerd Mullender
