6 commits - generic/fedora-18-x86_64-cloud.ks generic/fedora-18-x86_64.ks generic/fedora-18-x86_64-minimal.ks

Garrett Holmstrom gholms at fedoraproject.org
Fri Dec 14 04:36:54 UTC 2012


On 2012-12-13 14:09, Matthew Miller wrote:
> +# Remove firewalld; was supposed to be optional in F18, but is required to
> +# be present for install/image building.
> +echo "Removing firewalld and dependencies"
> +yum -C -y remove firewalld
> +# These are all pulled in by firewalld (libselinux-python is too, but
> +# is also required by cloud-init).
> +yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem gobject-introspection js libdrm libpciaccess libpng libwayland-client libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
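
Review bot: The second `yum -C -y remove` line hard-codes the dependency list, and with `-y` yum will also remove, without prompting, anything else on the image that requires one of those packages. The comment already notes that libselinux-python had to be left out for cloud-init; the same overlap could appear for any other entry as package dependencies change. Consider following the removal with an `rpm -q` check on the packages the image must keep (cloud-init at least) so the build fails loudly instead of shipping an image that is missing something.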

We should keep a careful eye on this one; pygobject3 is getting 
refactored to trim its dependencies somewhat.

> +# Non-firewalld-firewall
> +echo -n "Writing static firewall"
> +cat <<EOF > /etc/sysconfig/iptables
> +# Simple static firewall loaded by iptables.service. Replace
> +# this with your own custom rules, run lokkit, or switch to
> +# shorewall or firewalld as your needs dictate.
> +*filter
> +:INPUT ACCEPT [0:0]
> +:FORWARD ACCEPT [0:0]
> +:OUTPUT ACCEPT [0:0]
> +-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> +-A INPUT -p icmp -j ACCEPT
> +-A INPUT -i lo -j ACCEPT
> +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
> +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
> +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
> +-A INPUT -j REJECT --reject-with icmp-host-prohibited
> +-A FORWARD -j REJECT --reject-with icmp-host-prohibited
> +COMMIT
> +EOF
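
Review bot: The two `--dport 80` and `--dport 443` ACCEPT rules open web ports by default, although nothing in this hunk installs or enables a web server; a default image would be tighter with only the `--dport 22` rule, leaving users to add 80/443 when they deploy something that listens there. Two smaller points in the same hunk: `echo -n "Writing static firewall"` leaves no trailing newline, so the next line of build output will run on from it, and the file header says the rules are "loaded by iptables.service" but the visible lines neither enable that service nor write an IPv6 counterpart to this file, so it is worth confirming both are handled elsewhere in the kickstart.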

What do I need to file a bug against to get the EC2 image's firewall 
removed?

--
Garrett Holmstrom

