> From: Jon Masters <j...@redhat.com>
> To: arm@lists.fedoraproject.org
> Sent: Friday, December 21, 2012 4:02 AM
> Subject: Re: [fedora-arm] F-18: sshd enabled by default + firewalld
> Personally, I've been just disabling and removing firewalld at the same
> time that I turn on the ssh service, but I am encouraged to hear that
> this is something we can just fix in a kickstart.
bad! :)
try:
system-config-firewall-tui
or just system-config-firewall if you have a gui.. :) I was initially thinking
anaconda parsed the system-config-firewall data file, or just ran it.
It will regenerate the /etc/sysconfig/iptables file (overwriting the original.)
but that file should look like:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
_______________________________________________
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm