Gnome Lokkit firewall package prior to 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
alan cox gnome-lokkit 0.1
Vulmon