On 12/17/2013 02:36 PM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>

Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com>
---
 contrib/kimchi.spec.fedora.in |    5 +++++
 contrib/kimchi.spec.suse.in   |    5 +++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 14ec359..f21ae49 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -81,6 +81,11 @@ if [ $1 -eq 1 ] ; then
     /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi

+# open 8000 and 8001 port for firewall
+
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+
 %if 0%{?rhel} == 6
 start kimchid
 %else
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 9051284..5209e03 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -47,6 +47,11 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
 service kimchid start
 chkconfig kimchid on

+# open 8000 and 8001 port for firewall
+
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+
 %preun
 service kimchid stop

Eli,
Thanks for the patch. But it's not a reliable configuration. This rule will be lost after reboot.
And shipping a configuration file is better than running commands in spec file.

Please take a look at firewalld and firewalld.service http://manpages.ubuntu.com/manpages/raring/man5/firewalld.service.5.html

It could be a better solution for the platforms where firewalld is available.

--
project-kimchi mailing list <project-kimchi@googlegroups.com>
https://groups.google.com/forum/#!forum/project-kimchi
---
You received this message because you are subscribed to the Google Groups "project-kimchi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to project-kimchi+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.