Hullo
I'm trying to create a spin using livecd-creator from livecd-tools-15.7-1.fc15.i686. However, I cannot get any firewall rules to pass through from the kickstart to the the livecd. I always seem to get a default firewall config that blocks everything, and the rules that I wanted in /etc/sysconfig/iptables get mv'd to /etc/sysconfig/iptables.old.
Elsewhere I've seen comments to this effect, but cannot find the definitive position in a bug tracker. Am I correct and how can I work around this?
regards Tim
How are you doing it? I'm using
firewall --enabled --service=mdns
or whatever in my kickstart, and it's working fine. If you're using customized iptables rules, you might find that they struggle if the kickstart firewall rule gets applied afterwards, though. You could try adding the rule creation stuff to the end of /etc/rc.d/init.d/livesys (see fedora-live-base.ks) so that it gets done at first boot rather than at image compile time.
James
On Sun, 2011-10-09 at 17:47 +0100, Tim Coote wrote:
Hullo
I'm trying to create a spin using livecd-creator from livecd-tools-15.7-1.fc15.i686. However, I cannot get any firewall rules to pass through from the kickstart to the the livecd. I always seem to get a default firewall config that blocks everything, and the rules that I wanted in /etc/sysconfig/iptables get mv'd to /etc/sysconfig/iptables.old.
Elsewhere I've seen comments to this effect, but cannot find the definitive position in a bug tracker. Am I correct and how can I work around this?
regards Tim -- livecd mailing list livecd@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/livecd
Thanks. It's good to know that it does normally work.
I have (my immediate aim is to do a headless build and login to check that it's worked): [root@trial ~]# grep firewall *ks fedora-live-base.ks:firewall --enabled --service=ssh fedora-live-base.ks:#firewall --disabled
[ the commented out disabled firewall also got overridden ]
Does it possibly come as a result of: [root@trial ~]# grep -i selinux *ks fedora-live-base.ks:selinux --disabled
as I think that the selinux handling looks non-trivial.
I'll check that out and /etc/rc.d/init.d/livesys
especially if pdb doesn't throw any light on the issue.
Tim On 9 Oct 2011, at 21:16, James Heather wrote:
How are you doing it? I'm using
firewall --enabled --service=mdns
or whatever in my kickstart, and it's working fine. If you're using customized iptables rules, you might find that they struggle if the kickstart firewall rule gets applied afterwards, though. You could try adding the rule creation stuff to the end of /etc/rc.d/init.d/livesys (see fedora-live-base.ks) so that it gets done at first boot rather than at image compile time.
James
On Sun, 2011-10-09 at 17:47 +0100, Tim Coote wrote:
Hullo
I'm trying to create a spin using livecd-creator from livecd-tools-15.7-1.fc15.i686. However, I cannot get any firewall rules to pass through from the kickstart to the the livecd. I always seem to get a default firewall config that blocks everything, and the rules that I wanted in /etc/sysconfig/iptables get mv'd to /etc/sysconfig/iptables.old.
Elsewhere I've seen comments to this effect, but cannot find the definitive position in a bug tracker. Am I correct and how can I work around this?
regards Tim -- livecd mailing list
livecd@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/livecd
-- livecd mailing list livecd@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/livecd
livecd@lists.fedoraproject.org