From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
I dispute the wisdom of enabling boxes to be installed and booted up before the firewall can be set up in firstboot. I can see that in some cases this might be what you want, but most often you should boot the box up already secure the first time.

Version-Release number of selected component (if applicable):
FC5T2

How reproducible:
Always

Steps to Reproduce:
1. Install (no question asked about firewall or selinux any more)
2. Boot system up
3. Leave firstboot run unattended

Actual Results:
You have a number of services running without anything to protect them until you get to answer the firstboot prompt.

Expected Results:
Machine should be safe when it first boots up.

Additional info:

When anaconda is done, you have SELinux set in enforcing mode and basically all ports but SSH closed. I say basically all because CUPS and mDNS are also open, though you can't close those no matter what you do with the current implementation of system-config-securitylevel (I have plans to fix that). firstboot is really only giving you the opportunity to open more stuff up, as the defaults are pretty strict now.