scratch that..i forgot they changed it in 18. :)
From: Sean Omalley <omalley_s@xxxxxxxxxxxxxx>
To: Jon Masters <jcm@xxxxxxxxxx>; "arm@xxxxxxxxxxxxxxxxxxxxxxx" <arm@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 21, 2012 1:29 PM
Subject: Re: F-18: sshd enabled by default + firewalld
_______________________________________________
arm mailing list
arm@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/arm
firewall-cmd --add-service=ssh
:)
From: Sean Omalley <omalley_s@xxxxxxxxxxxxxx>
To: Jon Masters <jcm@xxxxxxxxxx>; "arm@xxxxxxxxxxxxxxxxxxxxxxx" <arm@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 21, 2012 1:29 PM
Subject: Re: F-18: sshd enabled by default + firewalld
> From: Jon Masters <jcm@xxxxxxxxxx>
> Personally, I've been just disabling and removing firewalld at the same
> time that I turn on the ssh service, but I am encouraged to hear that
> this is something we can just fix in a kickstart.
bad! :)
try:
system-config-firewall-tui
or just system-config-firewall if you have a gui.. :) I was initially thinking anaconda parsed the system-config-firewall data file, or just ran it.
It will regenerate the /etc/sysconfig/iptables file (overwriting the original.)
but that file should look like:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
> To: arm@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Friday, December 21, 2012 4:02 AM
> Subject: Re: F-18: sshd enabled by default + firewalld
> Sent: Friday, December 21, 2012 4:02 AM
> Subject: Re: F-18: sshd enabled by default + firewalld
> Personally, I've been just disabling and removing firewalld at the same
> time that I turn on the ssh service, but I am encouraged to hear that
> this is something we can just fix in a kickstart.
bad! :)
try:
system-config-firewall-tui
or just system-config-firewall if you have a gui.. :) I was initially thinking anaconda parsed the system-config-firewall data file, or just ran it.
It will regenerate the /etc/sysconfig/iptables file (overwriting the original.)
but that file should look like:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
_______________________________________________
arm mailing list
arm@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/arm
_______________________________________________ arm mailing list arm@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/arm
