gripe/question: /etc/sysconfig/system-config-firewall???

Douglas McClendon dmc.fedora at filteredperception.org
Mon Dec 31 01:10:44 UTC 2007


Douglas McClendon wrote:
> Anybody care to explain to me the logic of the file
> 
> /etc/sysconfig/system-config-firewall
> 
> which makes my kickstart and/or lokkit invocations not be respected?
> 
> I.e. port 22 remains open even if I do
> 
> lokkit --enabled
> 
> (or just firewall --enabled in kickstart)
> 
> It seems like if anything lokkit should be writing this file, not 
> reading one installed by an rpm.  But maybe I just need a clue.  ???

Bahh, I still need a clue, but I'm suspecting now that something did 
write to that file and it doesn't have 22 in it as installed.  But 
having seen but not read the thread here about packages opening up ports 
in the firewall rules, I did do rpm -q --scripts openssh-server and 
didn't see IT doing anything that would write to that file.  clue 
please...???

Basic issue: I do a kickstart install with

firewall --enabled

NOT

firewall --enabled --port=22:tcp

and I still see port 22 open, and the only clue I've found is that if I 
delete the contents of /etc/sysconfig/system-config-firewall, then I can 
actually get 22 closed via 'lokkit --enabled' which seems to be the 
appropriate way.  (though it seems like it should work without having to 
muck with the sysconfig file)

-dmc



