smoothmilk wrote:
Why doesn't redhat-config-securitylevel's iptables rules work?
If I turn off EVERYTHING (www, ftp, ssh, etc.) and save, and even
manually restart iptables (# /sbin/service iptables restart), other
computers on my network can access www (even on weird, non-standard
ports with http servers on them), ftp, ssh, etc.

This is where it gets a little odd for me. 'Other computers on my
network can access www'. What are these other computers? Unless they
gain access to the Internet *through* your Fedora machine, the Fedora
machine's firewall has NOTHING to do with those machines.
The current redhat-config-securitylevel tool works on rules that
control access to services running on the Fedora box, and cannot
influence any other machine attached to the same network accessing
other machines on that network.

So what's the point of even including that tool if it doesn't do
anything? I don't understand how it just flat out doesn't work. I have no
idea how iptables works, and because there's no documentation out there
for beginners who just want a script that's for eth0 with a simple www,
ssh and ftp server(s), I'm stuck using rh's tools, which don't do
anything. There's no security here.

I can help. I suggest you go and seek the most basic understanding of
the nature of tcp/ip and ethernet networks, and have a good think
about it.
The redhat-config-securitylevel tool does pretty much exactly what it
is designed to do: set up iptables rules to assist in controlling
access to services running on the host machine.

Cheers,
Michael
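
The distinction drawn in the reply above, between traffic addressed to the host (INPUT chain) and traffic routed through it (FORWARD chain), shown as an added example that is not from this thread or from Red Hat's tool. The function name `gen_host_rules` is hypothetical; `eth0` and the www/ssh/ftp ports are taken from the question. It only prints a ruleset in `iptables-restore` format and changes nothing on the system.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host firewall.
# Usage: gen_host_rules IFACE [TCP_PORT ...]
gen_host_rules() {
    iface=$1
    shift
    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    echo '*filter'
    # INPUT: packets addressed to services on THIS host. Default deny.
    echo ':INPUT DROP [0:0]'
    # FORWARD: packets routed THROUGH this host to other machines.
    # Only matters if this box is the gateway for those machines.
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened itself.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One rule per service port that should be reachable from the network.
    # With no ports given, every inbound service is blocked.
    for port in "$@"; do
        echo "-A INPUT -i $iface -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# ssh, www and ftp control on eth0. FTP data connections additionally
# need the conntrack FTP helper to be matched as RELATED.
gen_host_rules eth0 22 80 21
```

To check what is actually loaded on a running machine, compare against the output of `iptables -L -n -v` run as root.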