[Fedora-livecd-list] Is it possible to configure the firewall in %post?

Aaron Cohen aaron at assonance.org
Thu Jun 30 13:01:27 UTC 2011


On Thu, Jun 30, 2011 at 7:40 AM, Alan Pevec <apevec at gmail.com> wrote:
> On Thu, Jun 30, 2011 at 11:05 AM, James Heather <j.heather at surrey.ac.uk> wrote:
>> It does also depend on how much control you want. If it's a case of enabling
>> access to particular services, you can do it with
>>
>>     firewall --enabled --service=mdns
>>
>> in your kickstart. That line appears in fedora-live-base.ks. I don't know if
>> you can put specific ports and protocols in there. (There isn't any
>> documentation that I've been able to find on the detailed syntax of
>> kickstart files. Maybe I missed it.)
>
> RTFS is the ultimate documentation:
> http://git.fedorahosted.org/git/?p=pykickstart.git;a=blob;f=pykickstart/commands/firewall.py

I don't believe this actually works.

On more investigation, the problem is definitely in
/usr/lib/python2.7/site-packages/imgcreate/kickstart.py, line 557:
          args = ["/usr/sbin/lokkit", "-f", "--quiet", "--nostart"]

This will cause "SelinuxConfig" to always completely reinitialize the
firewall configuration. lokkit apparently reinitializes the firewall
unless "--selinux" is the only command line option.

I'm suspicious that no one else has noticed this; it makes the
"firewall" kickstart option and any attempt to configure the firewall
manually in %post all useless, unless I'm misunderstanding something.

Am I just doing something wrong?

This is all using livecd-tools from Fedora 15, for what it's worth.

--Aaron
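
A check that could be run against a built image's root to see whether expected firewall rules survived image creation, the situation questioned in the message above. This is an added example, not part of the original post or of livecd-tools: the function names, the sample rule files and the tcp/8080 port are constructed for illustration, and it assumes the rules are stored in iptables-save format (as in /etc/sysconfig/iptables).

```shell
# missing_fw_rules FILE PROTO:PORT...
# Print each PROTO:PORT with no "-A INPUT ... -j ACCEPT" rule in FILE
# (iptables-save format). Returns 0 if none missing, 1 if some, 2 if unreadable.
missing_fw_rules() {
    rules=$1; shift
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    rc=0
    for want in "$@"; do
        if ! awk -v proto="${want%%:*}" -v port="${want##*:}" '
            /^-A INPUT / && /-j ACCEPT/ {
                p = ""; d = ""
                for (i = 1; i < NF; i++) {
                    if ($i == "-p") p = $(i + 1)
                    if ($i == "--dport") d = $(i + 1)
                }
                if (p == proto && d == port) found = 1
            }
            END { exit(found ? 0 : 1) }' "$rules"
        then
            echo "$want"; rc=1
        fi
    done
    return $rc
}

# write_samples DIR: constructed rule files, not taken from the original post.
write_samples() {
    cat > "$1/configured" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
    cat > "$1/reset" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in configured reset; do
    missing=$(missing_fw_rules "$demo_dir/$f" udp:5353 tcp:8080) || true
    echo "$f: missing:" ${missing:-none}
done
rm -rf "$demo_dir"
```

For a real image, point the function at the rules file under the mounted image root and list the ports the kickstart or %post was meant to open.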

