On Wed, Feb 11, 2009 at 9:24 AM, Sharpe, Sam J <[email protected]> wrote:
> David Parsley wrote:
>
>> Why the heck is ssh globally open when I didn't specify it in my
>> kickstart?
>
> This is surely a bug in Anaconda/Kickstart because the "firewall" option
> states that ssh is enabled by --ssh - which implies to me that it should be
> disabled by default.

Yes, thank you - my feelings exactly.

>> Do you know a way to readily tune the firewall in %post? The only
>> reliable way I've found is to drop a script in /root that gets called in
>> /etc/rc.local on the first boot.
>
> Wouldn't this work?
>
> %post
> /bin/sed -i -e '/--dport 22 -j/d' /etc/sysconfig/iptables
>
> (Disclaimer: I haven't tried it)

Ah, you know - for some reason I wasn't trying to just edit that file directly, but rather start the firewall, run some 'iptables ...', then service iptables save. That's what my current script does, and I like the results. But anyway, yeah, that should work to just disable ssh.

I guess I'll file a bug on this, and see if I get a WONTFIX.

David

--
David L. Parsley
Manager of Network Services, Bridgewater College
"If I have seen further, it is by standing on ye shoulders of giants" - Isaac Newton
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
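The %post edit discussed in this thread, written out as an added example (not code from either poster): it deletes the port 22 ACCEPT rule from a rules file, keeps a backup, and reports whether any such rule is left. The helper names `close_ssh` and `sample_rules` are hypothetical, and the rules file content is constructed for illustration.

```shell
#!/bin/sh
# Added example. close_ssh and sample_rules are hypothetical helper names.

# sample_rules: print a constructed rules file in iptables-save layout
# (not taken from a real host). The 2222 rule shows what must survive.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# close_ssh RULES_FILE
# Returns 0 when the file ends up with no "--dport 22" rule, 1 when one
# is still present, 2 when the file could not be processed.
close_ssh() {
    rules=$1
    [ -f "$rules" ] || { echo "no rules file: $rules" >&2; return 2; }
    # Keep only the first backup so a re-run cannot overwrite the original.
    [ -f "$rules.orig" ] || cp -p "$rules" "$rules.orig" || return 2
    tmp=$(mktemp "$rules.XXXXXX") || return 2
    # The trailing " -j" keeps ports such as 2222 or 220 from matching.
    sed -e '/--dport 22 -j/d' "$rules" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$rules" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    # Verify instead of assuming the edit took effect.
    ! grep -q -e '--dport 22 -j' "$rules"
}

# In a kickstart %post section the call would be:
#   close_ssh /etc/sysconfig/iptables
```

Because %post runs before the first boot, the edited file is what the iptables service loads when the installed system starts.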
