430091 – ipa-server-install should update iptables config

Bug 430091 - ipa-server-install should update iptables config

Summary: ipa-server-install should update iptables config

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Simo Sorce
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	freeipa10 429034
TreeView+	depends on / blocked

Reported:	2008-01-24 14:27 UTC by Chandrasekar Kannan
Modified:	2015-01-04 23:30 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-01-25 19:48:40 UTC
Embargoed:

Attachments	(Terms of Use)

Description Chandrasekar Kannan 2008-01-24 14:27:28 UTC

during ipa-server-install, we observed that
we if have a system with has firewall enabled, none of
the ports are then opened up. 

We believe we should automatically change iptables configuration
on the ipa-server machine to allow access to these ports.

Comment 1 Simo Sorce 2008-01-25 19:48:27 UTC

I don't believe in changing firewall settings from applications.
It is not a good security practice (and I hope SELinux would prevent that anyway).

At the end of the setup script we warn admins on the ports they need to open
(and that is also documented in the docs I bellieve).

Note You need to log in before you can comment on or make changes to this bug.