On 20-09-15 11:01, Gordan Bobic wrote: > On 20/09/15 09:41, Jacco Ligthart wrote: >> >>>> Here my first iteration of a packagelist for core. >>>> I started with core form upstream, but removed: >>>> biosdevname >>>> btrfs-progs >>>> firewalld >>>> iprutils >>>> irqbalance >>>> kexec-tools >>>> policycoreutils >>>> selinux-policy-targeted >>>> tuned >>>> xfsprogs >>>> aic94xx-firmware >>>> bfa-firmware >>>> dracut-config-rescue >>>> ivtv-firmware >>>> iwl100-firmware >>>> iwl1000-firmware >>>> iwl105-firmware >>>> iwl135-firmware >>>> iwl2000-firmware >>>> iwl2030-firmware >>>> iwl3160-firmware >>>> iwl3945-firmware >>>> iwl4965-firmware >>>> iwl5000-firmware >>>> iwl5150-firmware >>>> iwl6000-firmware >>>> iwl6000g2a-firmware >>>> iwl6000g2b-firmware >>>> iwl6050-firmware >>>> iwl7260-firmware >>>> kernel-tools >>>> libertas-sd8686-firmware >>>> libertas-sd8787-firmware >>>> libertas-usb8388-firmware >>>> linux-firmware >>>> microcode_ctl >>>> NetworkManager-team >>>> ql2100-firmware >>>> ql2200-firmware >>>> ql23xx-firmware >>>> rdma >>>> dracut-config-generic >>>> dracut-fips >>>> dracut-fips-aesni >>>> dracut-network >>>> openssh-keycat >>>> selinux-policy-mls >>>> tboot >>>> (note: I wanted all firmware stuff to be board specific, therefore >>>> they >>>> are excluded from core) >>> >>> I'd keep firewalld and selinux related packages. >>> >> I excluded firewalld on purpose. If you install it, without extra >> configuration, it will block incoming SSH. This will be very >> inconvenient for headless installs. > > Fair point, but I thought ssh port is open by default. correct, if you configure firewalld. This is done normally somewhere in anaconda ... I think anaconda does something like: /usr/bin/firewall-offline-cmd--enabled--service=ssh (with optional extra ports, services, etc depending on user input)
I am now testing if we could get this to work in a rbf post install script, but for now the firewall does not seem to work at all :( I keep getting "ERROR: INVALID_ZONE" Has anybody got their firewalld up and running? Jacco _______________________________________________ users mailing list [email protected] http://lists.redsleeve.org/mailman/listinfo/users
