We were writing --dport 22 to /etc/sysconfig/iptables twice beacuse ssh
was getting included both in the kickstart file and implicitly in
firewall.py. Check for that duplication.

While I'm at it, also actually handle --service= in the kickstart file
in firewall.py.

- Chris


diff --git a/firewall.py b/firewall.py
index f3e689d..ef543e6 100644
--- a/firewall.py
+++ b/firewall.py
@@ -35,7 +35,7 @@ class Firewall:
self.enabled = 1
self.trustdevs = []
self.portlist = []
- self.servicelist = ["ssh"]
+ self.servicelist = []

def writeKS(self, f):
f.write("firewall")
@@ -54,7 +54,10 @@ class Firewall:
if not self.enabled:
args.append("--disabled")
return args
-
+
+ if not "ssh" in self.servicelist and not "22:tcp" in self.portlist:
+ args += ["--service=ssh"]
+
for dev in self.trustdevs:
args = args + [ "--trust=%s" %(dev,) ]

diff --git a/kickstart.py b/kickstart.py
index 4d70d51..961da30 100644
--- a/kickstart.py
+++ b/kickstart.py
@@ -247,6 +247,9 @@ class Firewall(commands.firewall.F10_Firewall):
for port in self.ports:
self.handler.id.firewall.portlist.append (port)

+ for svc in self.services:
+ self.handler.id.firewall.servicelist.append (svc)
+
class Firstboot(commands.firstboot.FC3_Firstboot):
def parse(self, args):
commands.firstboot.FC3_Firstboot.parse(self, args)

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list