11:47 a.m.
Hullo
I'm trying to create a spin using livecd-creator from livecd-tools-15.7-1.fc15.i686.
However, I cannot get any firewall rules to pass through from the kickstart to the the
livecd. I always seem to get a default firewall config that blocks everything, and the
rules that I wanted in /etc/sysconfig/iptables get mv'd to
/etc/sysconfig/iptables.old.
Elsewhere I've seen comments to this effect, but cannot find the definitive position
in a bug tracker. Am I correct and how can I work around this?
regards
Tim
3:16 p.m.
How are you doing it? I'm using
firewall --enabled --service=mdns
or whatever in my kickstart, and it's working fine. If you're using
customized iptables rules, you might find that they struggle if the
kickstart firewall rule gets applied afterwards, though. You could try
adding the rule creation stuff to the end of /etc/rc.d/init.d/livesys
(see fedora-live-base.ks) so that it gets done at first boot rather than
at image compile time.
James
On Sun, 2011-10-09 at 17:47 +0100, Tim Coote wrote:
Hullo
I'm trying to create a spin using livecd-creator from livecd-tools-15.7-1.fc15.i686.
However, I cannot get any firewall rules to pass through from the kickstart to the the
livecd. I always seem to get a default firewall config that blocks everything, and the
rules that I wanted in /etc/sysconfig/iptables get mv'd to
/etc/sysconfig/iptables.old.
Elsewhere I've seen comments to this effect, but cannot find the definitive position
in a bug tracker. Am I correct and how can I work around this?
regards
Tim
--
livecd mailing list
livecd(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/livecd
4:57 p.m.
Thanks. It's good to know that it does normally work.
I have (my immediate aim is to do a headless build and login to check that it's
worked):
[root@trial ~]# grep firewall *ks
fedora-live-base.ks:firewall --enabled --service=ssh
fedora-live-base.ks:#firewall --disabled
[ the commented out disabled firewall also got overridden ]
Does it possibly come as a result of:
[root@trial ~]# grep -i selinux *ks
fedora-live-base.ks:selinux --disabled
as I think that the selinux handling looks non-trivial.
I'll check that out and /etc/rc.d/init.d/livesys
especially if pdb doesn't throw any light on the issue.
Tim
On 9 Oct 2011, at 21:16, James Heather wrote:
How are you doing it? I'm using
firewall --enabled --service=mdns
or whatever in my kickstart, and it's working fine. If you're using customized
iptables rules, you might find that they struggle if the kickstart firewall rule gets
applied afterwards, though. You could try adding the rule creation stuff to the end of
/etc/rc.d/init.d/livesys (see fedora-live-base.ks) so that it gets done at first boot
rather than at image compile time.
James
On Sun, 2011-10-09 at 17:47 +0100, Tim Coote wrote:
> Hullo
>
> I'm trying to create a spin using livecd-creator from
livecd-tools-15.7-1.fc15.i686. However, I cannot get any firewall rules to pass through
from the kickstart to the the livecd. I always seem to get a default firewall config that
blocks everything, and the rules that I wanted in /etc/sysconfig/iptables get mv'd to
/etc/sysconfig/iptables.old.
>
> Elsewhere I've seen comments to this effect, but cannot find the definitive
position in a bug tracker. Am I correct and how can I work around this?
>
> regards
> Tim
> --
> livecd mailing list
>
> livecd(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/livecd
--
livecd mailing list
livecd(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/livecd
4583
days inactive
4583
days old
livecd@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
James Heather -
Tim Coote