Chris Lumens wrote:
> We were writing --dport 22 to /etc/sysconfig/iptables twice beacuse ssh
> was getting included both in the kickstart file and implicitly in
> firewall.py. Check for that duplication.
>
> While I'm at it, also actually handle --service= in the kickstart file
> in firewall.py.
>
> - Chris
>
>
> diff --git a/firewall.py b/firewall.py
> index f3e689d..ef543e6 100644
> --- a/firewall.py
> +++ b/firewall.py
> @@ -35,7 +35,7 @@ class Firewall:
> self.enabled = 1
> self.trustdevs = []
> self.portlist = []
> - self.servicelist = ["ssh"]
> + self.servicelist = []
>
> def writeKS(self, f):
> f.write("firewall")
> @@ -54,7 +54,10 @@ class Firewall:
> if not self.enabled:
> args.append("--disabled")
> return args
> -
> +
> + if not "ssh" in self.servicelist and not "22:tcp" in self.portlist:
> + args += ["--service=ssh"]
> +
> for dev in self.trustdevs:
> args = args + [ "--trust=%s" %(dev,) ]
>
> diff --git a/kickstart.py b/kickstart.py
> index 4d70d51..961da30 100644
> --- a/kickstart.py
> +++ b/kickstart.py
> @@ -247,6 +247,9 @@ class Firewall(commands.firewall.F10_Firewall):
> for port in self.ports:
> self.handler.id.firewall.portlist.append (port)
>
> + for svc in self.services:
> + self.handler.id.firewall.servicelist.append (svc)
> +
> class Firstboot(commands.firstboot.FC3_Firstboot):
> def parse(self, args):
> commands.firstboot.FC3_Firstboot.parse(self, args)
Looks good.
--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat / Honolulu, HI
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
