Sjoerd Mullender wrote:
I just discovered the checkmark with file selector "Use the custom rules
file" in the Advanced Options tab of system-config-securitylevel (System
-> Administration -> Firewall and SELinux). Is it me or is it totally
useless?
The blurb says that you can add additional rules to be added after the
defaults. So the rules that you add are added after the rule
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
which means that your extra rules are never actually used. All input
packets have already been directed to the REJECT rule by the time the
extra rules are seen.
Or am I missing something here?
If it's not me but the program, I'll bugzilla this.
This is in Fedora 7 and system-config-securitylevel-1.7.0-1.fc7.

So maybe you can iptables --list before and after you try it out, and
tell us where the rule gets inserted?
If it works correctly you could file a bug for the help text, if not
file a bug about it not working and why.
DaveT.
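
The ordering question in this thread, as an added example that is not part of either message: iptables walks a chain top to bottom, and a rule with no match criteria and a terminating target ends traversal for every packet, so any rule placed after it in the same chain is never evaluated. The script below checks `iptables-save`-style text for that condition; the sample ruleset, the port-8080 custom rule and the helper names are constructed for illustration.

```python
import shlex

# Built-in targets that end chain traversal for a matching packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Options that select or parameterise the target; they do not narrow the match.
TARGET_OPTS = {"-j", "--reject-with"}

def parse_rule(line):
    """Return (chain, target, unconditional) for an '-A' line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    opts = [t for t in tokens[2:] if t.startswith("-")]
    target = tokens[tokens.index("-j") + 1] if "-j" in tokens else None
    return tokens[1], target, all(o in TARGET_OPTS for o in opts)

def shadowed_rules(ruleset):
    """List (line_no, rule, blocker) for rules that follow an unconditional
    terminal rule in the same chain. Jumps into user chains are not followed."""
    blocker, findings = {}, []
    for n, line in enumerate(ruleset.splitlines(), 1):
        parsed = parse_rule(line.strip())
        if parsed is None:
            continue
        chain, target, unconditional = parsed
        if chain in blocker:
            findings.append((n, line.strip(), blocker[chain]))
        elif unconditional and target in TERMINAL:
            blocker[chain] = line.strip()
    return findings

# Constructed sample: default-style rules with one custom rule appended last.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for n, rule, by in shadowed_rules(SAMPLE):
        print(f"line {n}: unreachable: {rule}\n    shadowed by: {by}")
```

Feeding it the output of `iptables-save` taken before and after enabling the custom rules file shows whether the added rules land above or below the catch-all REJECT.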