
Re: [rhelv5-list] Kickstart firewall allowing global SSH by default?





On Wed, Feb 11, 2009 at 9:24 AM, Sharpe, Sam J <sam sharpe+lists redhat gmail com> wrote:
David Parsley wrote:
       Why the heck is ssh globally open when I didn't specify it in my
       kickstart?

This is surely a bug in Anaconda/Kickstart because the "firewall" option states that ssh is enabled by --ssh - which implies to me that it should be disabled by default.

Yes, thank you - my feelings exactly.

Do you know a way to readily tune the firewall in %post?  The only reliable way I've found is to drop a script in /root that gets called in /etc/rc.local on the first boot.

Wouldn't this work?

%post
/bin/sed -i -e '/--dport 22 -j/d' /etc/sysconfig/iptables

(Disclaimer: I haven't tried it)

Ah, you know - for some reason I wasn't trying to just edit that file directly, but rather start the firewall, run some 'iptables ...', then service iptables save.  That's what my current script does, and I like the results.  But anyway, yeah, that should work to just disable ssh.

I guess I'll file a bug on this, and see if I get a WONTFIX.

David
--
David L. Parsley
Manager of Network Services, Bridgewater College
"If I have seen further, it is by standing on ye shoulders of giants"
- Isaac Newton
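
Added example, not part of the original thread or of either poster's scripts: a shell sketch of the "edit /etc/sysconfig/iptables directly in %post" approach discussed above, with a backup and a check that the rule is really gone. The function names and the sample rules file are constructed for illustration; in a real %post the argument would be /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Constructed sample resembling an installer-written iptables rules file.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Remove every rule for destination port 22 from the given rules file.
# Returns 0 only if no such rule remains and the file still ends with COMMIT,
# 1 if verification fails, 2 if the file is missing or cannot be written.
remove_ssh_rule() {
    rules=$1
    [ -f "$rules" ] || { echo "missing $rules" >&2; return 2; }
    cp -p "$rules" "$rules.orig" || return 2
    # sed without -i only prints the edited rules to stdout, so write the
    # result back explicitly; redirecting keeps the file's inode and mode.
    sed -e '/--dport 22 -j/d' "$rules.orig" > "$rules" || return 2
    if grep -q -e '--dport 22 -j' "$rules"; then
        echo "SSH rule still present in $rules" >&2
        return 1
    fi
    # iptables-restore needs the COMMIT line; restore the backup if it is gone.
    grep -q '^COMMIT$' "$rules" || { cp -p "$rules.orig" "$rules"; return 1; }
}

# Demo on a temporary copy so nothing on the running system is touched.
demo_dir=$(mktemp -d)
make_sample_rules "$demo_dir/iptables"
remove_ssh_rule "$demo_dir/iptables" && cat "$demo_dir/iptables"
rm -rf "$demo_dir"
```

The pattern ends in " -j", so a rule for another port that merely starts with 22 (2222 in the sample) is left in place.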
