I can think of a few ways to do a firewall from %post; here are a couple...
1. Use a here document to rebuild /etc/sysconfig/iptables. (This is more
"RedHat", as it retains the way they control firewall conf.)
Look at /etc/sysconfig/iptables to get a handle on the format....
%post
cat >/etc/sysconfig/iptables <<EOF
iptables rules that are in format that /etc/sysconfig/iptables can read
EOF
2. Use a here document to build an rc.firewall script called from rc.local
cat > /etc/rc.d/rc.firewall <<EOF
#!/bin/sh
/sbin/iptables -A blah blah blah
EOF
chmod +x /etc/rc.d/rc.firewall
echo "/etc/rc.d/rc.firewall" >> /etc/rc.d/rc.local
I think the firewalls line probably doesn't have the fine-grained control
you are looking for....
Andrew M. Williams wrote:
Is there a sane way to add iptables rules in the %post section?
I want to allow 2049, 111, 32271 from a specified IP only.
I've tried issuing the iptables -A commands and doing a
/etc/init.d/iptables save with no luck. I don't see any method for
specifying an IP address in the firewalls line. I can definitely do
some script-fu to fix this but I was looking for a nicer way of doing it.
- andrew
_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/kickstart-list
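
An added example, not part of the original messages: option 1 from the reply written out as the body of a kickstart %post, producing an /etc/sysconfig/iptables that admits ports 111, 2049 and 32271 from one source address only. The address 192.0.2.10, the function name write_nfs_rules, and the choice to cover both TCP and UDP are assumptions.

```shell
#!/bin/sh
# Added example: body of a kickstart %post section (not from the original thread).
# NFS_CLIENT is a constructed documentation address; substitute the real client.
NFS_CLIENT="192.0.2.10"
NFS_PORTS="111 2049 32271"      # the ports named in the question

# write_nfs_rules SRC_IP OUTFILE
# Writes a ruleset in the iptables-save format that /etc/sysconfig/iptables uses.
write_nfs_rules() {
    src=$1
    out=$2
    # Basic dotted-quad shape check: a typo here would otherwise leave a file
    # that iptables-restore rejects at boot, i.e. a host with no rules loaded.
    echo "$src" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "write_nfs_rules: bad source address: $src" >&2
        return 1
    }
    tmp="$out.tmp.$$"
    {
        echo "*filter"
        echo ":INPUT ACCEPT [0:0]"
        echo ":FORWARD ACCEPT [0:0]"
        echo ":OUTPUT ACCEPT [0:0]"
        echo "-A INPUT -i lo -j ACCEPT"
        echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        for port in $NFS_PORTS; do
            for proto in tcp udp; do
                # Allow the one client first, then refuse everyone else.
                echo "-A INPUT -s $src -p $proto -m $proto --dport $port -j ACCEPT"
                echo "-A INPUT -p $proto -m $proto --dport $port -j REJECT"
            done
        done
        echo "COMMIT"
    } > "$tmp" || return 1
    # Replace the target only once the whole file has been written.
    chmod 600 "$tmp" && mv "$tmp" "$out"
}

# In %post, call it on the real file. This overwrites whatever the kickstart
# firewall line generated, so add rules for other services (ssh etc.) as needed:
#   write_nfs_rules "$NFS_CLIENT" /etc/sysconfig/iptables
```

Order matters in the generated file: each ACCEPT for the client precedes the REJECT for the same port, and the loopback rule keeps local RPC traffic working.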