Bug 474937 - Kickstart F10 results in two "--dport 22" entries in iptables file
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 10
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Chris Lumens
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-12-05 22:28 UTC by Mike Hanby
Modified: 2008-12-11 20:46 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-12-11 20:46:18 UTC
Type: ---
Embargoed:


Attachments
anaconda.log from the Fedora 10 i386 kickstart install (29.77 KB, text/plain)
2008-12-11 16:15 UTC, Mike Hanby

Description Mike Hanby 2008-12-05 22:28:42 UTC
Description of problem:
I kickstart installed a Fedora 10 i386 system with the following firewall configuration specified in the kickstart file to enable SSH and NRPE:

firewall --enabled --port=22:tcp --port=5666:tcp

Following the install I looked at /etc/sysconfig/iptables and it had two entries for port 22:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT

And iptables status reports:

$ sudo /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5666 
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         


Version-Release number of selected component (if applicable):


How reproducible:
I haven't had a chance to reinstall the system using the same kickstart file.

Steps to Reproduce:
1. Create a kickstart file with the firewall config line listed above
2. Kickstart the system
3. Check /etc/sysconfig/iptables following the install
  
Actual results:
Duplicate entries for SSH in the firewall script

Expected results:
A single entry for port 22

Additional info:

Comment 1 Chris Lumens 2008-12-09 18:56:02 UTC
Can you attach /var/log/anaconda.log from your running system to this bug report?  That ought to tell us exactly which lokkit command was run so we can see where the problem here lies.  Thanks.

Comment 2 Mike Hanby 2008-12-11 16:15:07 UTC
Created attachment 326634
anaconda.log from the Fedora 10 i386 kickstart install

Added the anaconda.log file as requested.

Comment 3 Chris Lumens 2008-12-11 20:46:18 UTC
This will be fixed in the next build of anaconda.  Thanks for the bug report.
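
Added example, not part of the bug report or of anaconda: a post-install check that flags repeated rules in an iptables-save style file such as /etc/sysconfig/iptables, like the doubled --dport 22 line in the description. The function name find_duplicate_rules and the sample file are constructed for illustration.

```sh
#!/bin/sh
# find_duplicate_rules FILE
# Prints one line per repeated rule in an iptables-save style file:
#   <table>:<line of repeat>:<line of first occurrence>:<rule>
# Returns 1 if any duplicate was found, 0 otherwise.
find_duplicate_rules() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*filter" opens a table
        /^COMMIT/ { table = ""; next }              # COMMIT closes it
        /^-A /    {
            rule = $0
            gsub(/[ \t]+/, " ", rule)               # collapse runs of whitespace
            sub(/ $/, "", rule)                     # drop trailing space
            key = table SUBSEP rule                 # same text in another table is not a repeat
            if (key in first) {
                printf "%s:%d:%d:%s\n", table, NR, first[key], rule
                dup = 1
            } else {
                first[key] = NR
            }
        }
        END { exit (dup ? 1 : 0) }
    ' "$1"
}

# Constructed sample modelled on the rules quoted in the description.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

find_duplicate_rules "$SAMPLE" || echo "duplicate rules present" >&2
```

The non-zero return status lets the check run from a kickstart %post section or a configuration audit job and fail the run when a rule is repeated.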

