Hi all,

Not too long ago I noticed what I thought was a surprising change in the default firewall for systems I kickstart. Despite just having 'firewall --enabled' in my kickstart, I found this rule in RH-Firewall-1-INPUT:

    -A -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Why the heck is ssh globally open when I didn't specify it in my kickstart? I found that it was somewhat hard to modify the firewall in %post, so that now I dump a short script in /root that runs on the first boot and removes this (in favor of local rules).

I did a little googling, and didn't see any reference to this, but I find it alarming. Anybody else?

Regards,
David

--
David L. Parsley
Manager of Network Services, Bridgewater College
"If I have seen further, it is by standing on ye shoulders of giants" - Isaac Newton
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
