I'm trying to configure a firewall for my livecd. Currently, I'm
calling lokkit in %post, though I've also tried using iptables and
iptables-save. Unfortunately, no matter what I try, my configuration
seems to be discarded.
As far as I can tell, "lokkit" is run after the post scripts, to
enable or disable selinux. This seems to recreate
/etc/sysconfig/iptables and move my changes to
/etc/sysconfig/iptables.old.
My understanding is that "lokkit --selinux=enforcing" is not supposed
to do anything other than enable selinux, but it definitely seems to
also discard firewall configuration in my testing.
Is this intended?
Thanks,
Aaron