On 2012-12-13 14:09, Matthew Miller wrote:
+# Remove firewalld; was supposed to be optional in F18, but is
required to
+# be present for install/image building.
+echo "Removing firewalld and dependencies"
+yum -C -y remove firewalld
+# These are all pulled in by firewalld (libselinux-python is too, but
+# is also required by cloud-init).
+yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem
gobject-introspection js libdrm libpciaccess libpng libwayland-client libwayland-server
libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm
mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2
pygobject3 python-decorator python-slip python-slip-dbus
We should keep a careful eye on this one; pygobject3 is getting
refactored to trim its dependencies somewhat.
+# Non-firewalld-firewall
+echo -n "Writing static firewall"
+cat <<EOF > /etc/sysconfig/iptables
+# Simple static firewall loaded by iptables.service. Replace
+# this with your own custom rules, run lokkit, or switch to
+# shorewall or firewalld as your needs dictate.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
What do I need to file a bug against to get the EC2 image's firewall
removed?
--
Garrett Holmstrom