On Mon, Mar 12, 2007 at 04:12:17PM -0500, Klaus Weidner wrote:
> Changes (thanks to everyone who tested and contributed):
>
> Kickstart: disable firewall by default to match previous version behavior
[...]
> Add ssh-mls on port 222 to default firewall allowed ports
>
> Load firewall rules at boot; add IPSEC (ESP, AH, isakmp) to firewall
> permits

An explanation for the firewall-related changes - it turns out that this
script (and all previous versions) had claimed to activate firewalling, but
actually didn't since /etc/init.d/iptables was not being run at boot; it had
been missing in the list of permitted services.

The new version adds iptables as a permitted service, but sets the firewall
to disabled in the kickstart file so that it won't break things for people
who were expecting the previous behavior. It contains an example (lightly
tested) in the ks file which contains lightly tested firewall rules to match
common services (including IPSec).

-Klaus

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
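
The failure described in this message (an init script assumed to run at boot but never enabled) can be checked mechanically. The following is an added example, not part of the original message or of the kickstart script; the two `chkconfig --list` listings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the iptables init script is really enabled at
# boot by parsing `chkconfig --list` output (SysV init runlevels).

# Constructed sample listings (not taken from a real system).
# BEFORE: iptables is installed but switched off in every runlevel.
BEFORE='sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off'
# AFTER: iptables is enabled in the multi-user runlevels.
AFTER='sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'

# runlevel_state SERVICE RUNLEVEL LISTING
# Prints on, off, unknown (runlevel absent) or missing (service not listed).
runlevel_state() {
    printf '%s\n' "$3" | awk -v svc="$1" -v rl="$2" '
        $1 == svc {
            found = 1
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == rl) state = kv[2]
            }
        }
        END {
            if (!found) print "missing"
            else print (state == "" ? "unknown" : state)
        }'
}

# firewall_loads_at_boot LISTING
# Succeeds only if iptables is on in runlevels 3 and 5 (text and graphical
# multi-user); any other state means the rules are not loaded at boot.
firewall_loads_at_boot() {
    for rl in 3 5; do
        [ "$(runlevel_state iptables "$rl" "$1")" = "on" ] || return 1
    done
    return 0
}

for name in BEFORE AFTER; do
    eval "listing=\$$name"
    if firewall_loads_at_boot "$listing"; then
        echo "$name: iptables is enabled at boot"
    else
        echo "$name: iptables is NOT enabled at boot"
    fi
done
```

On a live system the same check runs as `firewall_loads_at_boot "$(chkconfig --list)"`.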
