
Re: gripe/question: /etc/sysconfig/system-config-firewall???



Douglas McClendon wrote:
Douglas McClendon wrote:
Anybody care to explain to me the logic of the file

/etc/sysconfig/system-config-firewall

which makes my kickstart and/or lokkit invocations not be respected?

I.e. port 22 remains open even if I do

lokkit --enabled

(or just firewall --enabled in kickstart)

It seems like if anything lokkit should be writing this file, not reading one installed by an rpm. But maybe I just need a clue. ???

Bahh, I still need a clue, but I'm suspecting now that something did write to that file and it doesn't have 22 in it as installed. But having seen but not read the thread here about packages opening up ports in the firewall rules, I did do rpm -q --scripts openssh-server and didn't see IT doing anything that would write to that file. clue please...???

Basic issue: I do a kickstart install with

firewall --enabled

NOT

firewall --enabled --port=22:tcp

and I still see port 22 open, and the only clue I've found is that if I delete the contents of /etc/sysconfig/system-config-firewall, then I can actually get 22 closed via 'lokkit --enabled' which seems to be the appropriate way. (though it seems like it should work without having to muck with the sysconfig file)


I'm not sure how /etc/sysconfig/system-config-firewall is /actually/ related to iptables (or -the service- /etc/sysconfig/iptables if you will), other than providing a set of defaults for the s-c-f application itself (firstboot uses it too maybe?).

I agree with you, though, that firewall --enabled should lock down the box, and not have a sneaky --port=22:tcp, but I don't know how (other than %post) and I don't know if it's related to /etc/sysconfig/s-c-f

Just my $0.02

Kind regards,

Jeroen van Meeuwen
-kanarip


