David Parsley wrote:
> Hi all,
> Not too long ago I noticed what I thought was a surprising change in the
> default firewall for systems I kickstart.
> Despite just having 'firewall --enabled' in my kickstart, I found this rule
> in RH-Firewall-1-INPUT:
> -A -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> Why the heck is ssh globally open when I didn't specify it in my kickstart?
> I found that it was somewhat hard to modify the firewall in %post, so that
> now I dump a short script in /root that runs on the first boot and removes
> this (in favor of local rules).

How are you installing? If you are using ssh at install time, having ssh
open later seems reasonable.
If interactive root logins are disabled (and I don't know whether they
are), and you choose good passwords, then I don't think you have cause
to panic.
You can tune it more elegantly your way in %post. That's also a good
time to install keys, if that's what you want.
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list
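
A check for the rule discussed in this thread, as an added example that is not part of the original messages: it reads iptables-save style rules on stdin (the layout of /etc/sysconfig/iptables is assumed) and prints every ACCEPT rule that opens the given TCP port with no source restriction. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags ACCEPT rules that open a TCP port
# (default 22) to any source. Input: iptables-save style rules on stdin.
# Limitation: only -s/--source counts as a restriction; -i and "!" are ignored.

# find_global_ssh [PORT] < rules   -> prints offending rule lines
find_global_ssh() {
    awk -v port="${1:-22}" '
    # covers(): does a --dport value ("22" or a range "20:25") include port p?
    function covers(spec, p,    r, n) {
        n = split(spec, r, ":")
        if (n == 1) return (r[1] + 0 == p + 0)
        return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
    }
    /^-A / {
        accept = 0; dport = 0; src = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if (($i == "--dport" || $i == "--destination-port") &&
                covers($(i+1), port)) dport = 1
            if (($i == "-s" || $i == "--source") &&
                $(i+1) != "0.0.0.0/0") src = 1
        }
        if (accept && dport && !src) print
    }'
}

# Constructed sample ruleset (not taken from any real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 20:25 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: prints the unrestricted port-22 rule and the 20:25 range rule.
sample_rules | find_global_ssh
```

On an installed system the same function can be fed the saved ruleset, for example `find_global_ssh < /etc/sysconfig/iptables` from a %post or first-boot script, to confirm the rule is gone after local rules are applied.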