[Fedora-livecd-list] Is it possible to configure the firewall in %post?

I'm trying to configure a firewall for my livecd. Currently, I'm calling lokkit in %post, though I've also tried using iptables and iptables-save. Unfortunately, no matter what I try, my configuration seems to be discarded. As far as I can tell, "lokkit" is run after the post scripts, to enable or disable selinux. This seems to recreate /etc/sysconfig/iptables and move my changes to /etc/sysconfig/iptables.old. My understanding is that "lokkit --selinux=enforcing" is not supposed to do anything other than enable selinux, but it definitely seems to also discard firewall configuration in my testing. Is this intended? Thanks, Aaron