Bug 681944

Summary: [RFE] ssh default allowed by kickstart firewall
Product: Red Hat Enterprise Linux 5 Reporter: Chris Lumens <clumens>
Component: pykickstartAssignee: Chris Lumens <clumens>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact:
Priority: low    
Version: 5.3CC: atodorov, cww, gregswift, jstodola, parsley, rmunilla, tao
Target Milestone: rcKeywords: FutureFeature, Reopened, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pykickstart-0.43.9-1 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 485086 Environment:
Last Closed: 2011-07-21 07:57:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 485086, 577334    
Bug Blocks: 668576    

Comment 1 Chris Lumens 2011-03-03 16:57:21 UTC 
For my future reference, here's the pykickstart patch:

--- a/pykickstart/data.py
+++ b/pykickstart/data.py
@@ -32,7 +32,7 @@ class KickstartData:
         self.deviceprobe = ""
         self.displayMode = DISPLAY_MODE_GRAPHICAL
         self.driverdisk = ""
-        self.firewall = {"enabled": True, "ports": [], "trusts": []}
+        self.firewall = {"enabled": True, "ports": [], "trusts": [], "disableSsh": False}
         self.firstboot = FIRSTBOOT_SKIP
         self.ignoredisk = {"drives": [], "onlyuse": []}
         self.interactive = False
diff --git a/pykickstart/parser.py b/pykickstart/parser.py
index f1c6984..d3129ac 100644
--- a/pykickstart/parser.py
+++ b/pykickstart/parser.py
@@ -410,6 +410,8 @@ class KickstartHandlers:
         op.add_option("--port", dest="ports", action="callback",
                       callback=firewall_port_cb, nargs=1, type="string")
         op.add_option("--trust", dest="trusts", action="append")
+        op.add_option("--no-ssh", dest="disableSsh", action="store_true",
+                      default=False)
 
         (opts, extra) = op.parse_args(args=args)
         self._setToDict(op, opts, self.ksdata.firewall)
Comment 3 Alexander Todorov 2011-05-09 08:48:21 UTC 
Tested with pykickstart-1.68-1.el5 and anaconda-11.1.2.232-1. My ks.cfg contained:
firewall --enabled --no-ssh

ssh access was not configured in the firewall.
Comment 4 errata-xmlrpc 2011-07-21 07:57:17 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1022.html