Thanks. It's good to know that it does normally work. I have (my immediate aim is to do a headless build and login to check that it's worked): [root@trial ~]# grep firewall *ks fedora-live-base.ks:firewall --enabled --service=ssh fedora-live-base.ks:#firewall --disabled
[ the commented out disabled firewall also got overridden ] Does it possibly come as a result of: [root@trial ~]# grep -i selinux *ks fedora-live-base.ks:selinux --disabled as I think that the selinux handling looks non-trivial. I'll check that out and /etc/rc.d/init.d/livesys especially if pdb doesn't throw any light on the issue. Tim On 9 Oct 2011, at 21:16, James Heather wrote: > How are you doing it? I'm using > > firewall --enabled --service=mdns > > or whatever in my kickstart, and it's working fine. If you're using > customized iptables rules, you might find that they struggle if the kickstart > firewall rule gets applied afterwards, though. You could try adding the rule > creation stuff to the end of /etc/rc.d/init.d/livesys (see > fedora-live-base.ks) so that it gets done at first boot rather than at image > compile time. > > James > > On Sun, 2011-10-09 at 17:47 +0100, Tim Coote wrote: >> Hullo >> >> I'm trying to create a spin using livecd-creator from >> livecd-tools-15.7-1.fc15.i686. However, I cannot get any firewall rules to >> pass through from the kickstart to the the livecd. I always seem to get a >> default firewall config that blocks everything, and the rules that I wanted >> in /etc/sysconfig/iptables get mv'd to /etc/sysconfig/iptables.old. >> >> Elsewhere I've seen comments to this effect, but cannot find the definitive >> position in a bug tracker. Am I correct and how can I work around this? >> >> regards >> Tim >> -- >> livecd mailing list >> >> [email protected] >> https://admin.fedoraproject.org/mailman/listinfo/livecd > > -- > livecd mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/livecd -- livecd mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/livecd
