Bug 474937 - Kickstart F10 results in two "--dport 22" entries in iptables file
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 10
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Chris Lumens
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-12-05 17:28 EST by Mike Hanby
Modified: 2008-12-11 15:46 EST
Doc Type: Bug Fix
Last Closed: 2008-12-11 15:46:18 EST


Attachments:
anaconda.log from the Fedora 10 i386 kickstart install (29.77 KB, text/plain)
2008-12-11 11:15 EST, Mike Hanby
Description Mike Hanby 2008-12-05 17:28:42 EST
Description of problem:
I kickstart installed a Fedora 10 i386 system with the following firewall configuration specified in the kickstart file to enable SSH and NRPE:

firewall --enabled --port=22:tcp --port=5666:tcp

Following the install I looked at /etc/sysconfig/iptables and it had two entries for port 22:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT

And iptables status reports:

$ sudo /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5666 
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         


Version-Release number of selected component (if applicable):


How reproducible:
I haven't had a chance to reinstall the system using the same kickstart file.

Steps to Reproduce:
1. Create a kickstart file with the firewall config line listed above
2. Kickstart the system
3. Check /etc/sysconfig/iptables following the install
  
Actual results:
Duplicate entries for SSH in the firewall script

Expected results:
A single entry for port 22

Additional info:
Comment 1 Chris Lumens 2008-12-09 13:56:02 EST
Can you attach /var/log/anaconda.log from your running system to this bug report?  That ought to tell us exactly which lokkit command was run so we can see where the problem here lies.  Thanks.
Comment 2 Mike Hanby 2008-12-11 11:15:07 EST
Created attachment 326634
anaconda.log from the Fedora 10 i386 kickstart install

Added the anaconda.log file as requested.
Comment 3 Chris Lumens 2008-12-11 15:46:18 EST
This will be fixed in the next build of anaconda.  Thanks for the bug report.
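
A post-install check for the condition reported in this bug, as an added example that is not part of the original report or of anaconda: it scans an iptables rules file of the kind written to /etc/sysconfig/iptables and reports any rule that appears more than once in the same table. The function names `find_dup_rules` and `write_sample` are hypothetical, and the sample file is constructed around the three rules quoted in the description.

```shell
#!/bin/sh
# find_dup_rules FILE
# Prints one line per repeated "-A" rule and returns 1 if any were found.
find_dup_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / {
            $1 = $1                             # collapse runs of whitespace
            key = table SUBSEP $0               # same rule text, same table
            if (key in first) {
                printf "%s:%d: duplicate of line %d: %s\n", table, NR, first[key], $0
                dups++
            } else {
                first[key] = NR
            }
        }
        END { exit (dups > 0) }
    ' "$1"
}

# write_sample FILE
# Constructed sample: the three port rules from the report, placed in a
# plausible *filter table so the file has the usual layout.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
find_dup_rules "$sample" || echo "duplicate rules present in $sample"
rm -f "$sample"
```

On an installed system the function would be pointed at /etc/sysconfig/iptables, for example from a kickstart %post section or a configuration audit job.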
