On 2012-12-13 14:09, Matthew Miller wrote:
+# Remove firewalld; was supposed to be optional in F18, but is required to +# be present for install/image building. +echo "Removing firewalld and dependencies" +yum -C -y remove firewalld +# These are all pulled in by firewalld (libselinux-python is too, but +# is also required by cloud-init). +yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem gobject-introspection js libdrm libpciaccess libpng libwayland-client libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
We should keep a careful eye on this one; pygobject3 is getting refactored to trim its dependencies somewhat.
+# Non-firewalld-firewall +echo -n "Writing static firewall" +cat <<EOF > /etc/sysconfig/iptables +# Simple static firewall loaded by iptables.service. Replace +# this with your own custom rules, run lokkit, or switch to +# shorewall or firewalld as your needs dictate. +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT +EOF
What do I need to file a bug against to get the EC2 image's firewall removed?
-- Garrett Holmstrom _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud
