Bug 430091

Summary: ipa-server-install should update iptables config
Product: [Retired] freeIPA Reporter: Chandrasekar Kannan <ckannan>
Component: ipa-serverAssignee: Simo Sorce <ssorce>
Status: CLOSED WONTFIX QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: 1.0CC: benl, mgregg, rcritten, shillman, ssorce, yzhang
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-25 19:48:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 246164, 429034    

Description Chandrasekar Kannan 2008-01-24 14:27:28 UTC 
during ipa-server-install, we observed that
we if have a system with has firewall enabled, none of
the ports are then opened up. 

We believe we should automatically change iptables configuration
on the ipa-server machine to allow access to these ports.
Comment 1 Simo Sorce 2008-01-25 19:48:27 UTC 
I don't believe in changing firewall settings from applications.
It is not a good security practice (and I hope SELinux would prevent that anyway).

At the end of the setup script we warn admins on the ports they need to open
(and that is also documented in the docs I bellieve).