Hide Forgot
Description of problem: firewall rules in kickstart get created by livecd-creator, but then mv'd to /etc/sysconfig/iptables.old and a vanilla set of rules installed. Digging in the source, I think that the problem could be due to a -f flag in the call to lokkit: args = ["/usr/sbin/lokkit", "-f", "--quiet", "--nostart"] # line 177 of /usr/lib/python2.7/site-packages/imgcreate/kickstart.py If I cut that "-f", out of the elements list, the process works as expected. Note that args is set this way in two places. Could be be a copy and paste problem? Version-Release number of selected component (if applicable): livecd-tools-15.7-1.fc15.i686 How reproducible: consistently on a 32bit vm under f15 Steps to Reproduce: 1.starting with a stock fedora-live-base.ks, update the firewall line to: firewall --enabled --service=ssh 2. run livecd-creator -c fedora-livecd-desktop.ks (ensuring that it's using the updated version of the files 3. either spin up the cd or look at the filesystem Actual results: and note that /etc/sysconfig/iptables.old is what you'd expect /etc/sysconfig/iptables to be. ssh is not let through the installed /etc/sysconfig/iptables. Expected results: /etc/sysconfig/iptables should include a rule to allow external connections on port 22. Additional info:
Thanks, it ends up the lokkit call gets called in 2 places, and the 2nd one always wins due to the -f flag. *** This bug has been marked as a duplicate of bug 769457 ***