Bug 769339 - Cannot disable firewall via kickstart
Cannot disable firewall via kickstart
Status: CLOSED DUPLICATE of bug 733778
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Anaconda Maintenance Team
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2011-12-20 09:41 EST by John Florian
Modified: 2011-12-21 13:35 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-12-21 13:04:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Florian 2011-12-20 09:41:03 EST
Description of problem:
It appears that with the introduction of systemd and native units for iptables.service, it is no longer possible to have a kickstart disable this service using the conventional "firewall --disabled" directive.

Version-Release number of selected component (if applicable):
Whatever shipped with the F16 DVD image, which I suspect is 16.25-1.fc16.

How reproducible:

Steps to Reproduce:
1. Modify an existing kickstart file to include the "firewall --disabled" directive.
2. Make a spin.
Actual results:
The custom spin still has iptables.service enabled.

Expected results:
The iptables.service should be disabled.

Additional info:
I'm actually producing the spins with livecd-tools, if that somehow matters.
Comment 1 Chris Lumens 2011-12-20 10:07:41 EST
Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we can see what's going on.  Thanks.
Comment 2 John Florian 2011-12-20 10:43:44 EST
(In reply to comment #1)
> Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we
> can see what's going on.  Thanks.

Those would be immensely helpful and I'd be happy to, but I don't know that those are available when using livecd-creator.  I've used the --shell option and looked around for them at that stage and found nothing.  I also looked around on the host which is running livecd-creator, but found nothing there either.

Any ideas?

For the record, I also tried changing "firewall --disabled" to "firewall --enabled --service=ssh" and that seemed to have no affect either.  With that, the iptables service is still enabled, but port 22 hasn't been opened up.
Comment 3 John Florian 2011-12-20 16:33:17 EST
Upon further review of things, I think perhaps this bug should be filed not against anaconda, but to python-imgcreate instead.  I would have guessed that livecd-tools somehow wrapped around anaconda, but it appears to use python-imgcreate which has its own kickstart parser and related methods to emulate what anaconda does.  Or perhaps anaconda also uses python-imgcreate?
Comment 4 Chris Lumens 2011-12-21 13:04:40 EST

*** This bug has been marked as a duplicate of bug 733778 ***
Comment 5 John Florian 2011-12-21 13:35:56 EST
I don't believe this is a duplicate.  My situation requires the use of livecd-tools (and python-imgcreate indirectly) whereas #733778 makes no mention of either.

This problem may be related to another bug I also filed yesterday, #769457.

Note You need to log in before you can comment on or make changes to this bug.