David Parsley wrote:
On Wed, Feb 11, 2009 at 7:24 AM, John Summerfield <[email protected]> wrote:
David Parsley wrote:
Hi all,
Not too long ago I noticed what I thought was a surprising change in the
default firewall for systems I kickstart.
Despite just having 'firewall --enabled' in my kickstart, I found this rule
in RH-Firewall-1-INPUT:
-A -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Why the heck is ssh globally open when I didn't specify it in my kickstart?
This is surely a bug in Anaconda/Kickstart because the "firewall" option
states that ssh is enabled by --ssh - which implies to me that it should
be disabled by default.
Do you know a way to readily tune the firewall in %post? The only
reliable way I've found is to drop a script in /root that gets called in
/etc/rc.local on the first boot.
Wouldn't this work?
%post
/bin/sed -i -e '/--dport 22 -j/d' /etc/sysconfig/iptables
(Disclaimer: I haven't tried it)
--
Sam
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
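The %post edit suggested in the thread, as an added example that is not part of any poster's message: a shell function that deletes the port-22 ACCEPT rule in place, keeps a one-time backup, and confirms the rule is gone. The function names and the sample rules file are constructed for illustration, and it assumes GNU sed and that /etc/sysconfig/iptables already exists when %post runs, which the thread does not confirm.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Anaconda's own code).

# strip_ssh_rule FILE
#   Delete every "--dport 22 -j ..." rule from an iptables-save style file.
#   Returns 0 when no such rule remains, 1 on any error.
strip_ssh_rule() {
    rules=$1
    [ -f "$rules" ] || { echo "no such file: $rules" >&2; return 1; }
    # Keep the first pristine copy only, so re-running stays idempotent.
    [ -e "$rules.orig" ] || cp -p "$rules" "$rules.orig" || return 1
    # Without -i, sed only prints the filtered text and the file is unchanged.
    sed -i -e '/--dport 22 -j/d' "$rules" || return 1
    # Verify instead of trusting the edit.
    if grep -q -e '--dport 22 -j' "$rules"; then
        echo "ssh rule still present in $rules" >&2
        return 1
    fi
    return 0
}

# make_sample FILE
#   Write a constructed rules file shaped like a RHEL 5 default ruleset.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Stand-alone use, e.g. from %post: sh strip_ssh.sh /etc/sysconfig/iptables
if [ "$#" -gt 0 ]; then
    strip_ssh_rule "$1"
fi
```

The edited file is only what the iptables service loads at its next start; a ruleset already loaded in the running kernel is not changed by it.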