Red Hat Bugzilla – Bug 177735
can't enable firewall within installer
Last modified: 2007-11-30 17:11:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5
Description of problem:
I dispute the wisdom of enabling boxes to be installed and booted up before the firewall can be set up in firstboot. I can see that in some cases this might be what you want, but most often you should boot the box up already secure the first time.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install (no question asked about firewall or SELinux any more)
2. Boot system up
3. Leave firstboot to run unattended
Actual Results: You have a number of services running without anything to protect them until you get to answer the firstboot prompt.
Expected Results: Machine should be safe when it first boots up.
When anaconda is done, you have SELinux set in enforcing mode and basically all
ports but SSH closed. I say basically all because CUPS and mDNS are also open,
though you can't close those no matter what you do with the current
implementation of system-config-securitylevel (I have plans to fix that).
firstboot is really only giving you the opportunity to open more stuff up, as
the defaults are pretty strict now.