Re: [Kimchi-devel] [project-kimchi] [PATCH] spec: Open 8000 and 8001 port by default in spec.in post section. kimchi server use 8000 and 8001 port. Open 8000 and 8001 port by default in spec.in post section.
On 12/17/2013 02:36 PM, taget(a)linux.vnet.ibm.com wrote:
From: Eli Qiao <taget(a)linux.vnet.ibm.com>
Signed-off-by: Eli Qiao <taget(a)linux.vnet.ibm.com>
---
contrib/kimchi.spec.fedora.in | 5 +++++
contrib/kimchi.spec.suse.in | 5 +++++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 14ec359..f21ae49 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -81,6 +81,11 @@ if [ $1 -eq 1 ] ; then
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
+# open 8000 and 8001 port for firewall
+
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+
%if 0%{?rhel} == 6
start kimchid
%else
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 9051284..5209e03 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -47,6 +47,11 @@ install -Dm 0755 contrib/kimchid.sysvinit
%{buildroot}%{_initrddir}/kimchid
service kimchid start
chkconfig kimchid on
+# open 8000 and 8001 port for firewall
+
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+
%preun
service kimchid stop
Eli,
Thanks for the patch. But it's not a reliable configuration. This rule
will be lost after reboot.
And shipping a configuration file is better than running commands in
spec file.
Please take a look at firewalld and firewalld.service
http://manpages.ubuntu.com/manpages/raring/man5/firewalld.service.5.html
It could be a better solution for the platforms where firewalld is
available.
--
project-kimchi mailing list <project-kimchi(a)googlegroups.com>
https://groups.google.com/forum/#!forum/project-kimchi
---
You received this message because you are subscribed to the Google Groups
"project-kimchi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
project-kimchi+unsubscribe(a)googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Attachments:
- attachment.html (text/html — 3.0 KB)