
I have the following line in my kickstart file for the firewall:

firewall --enabled --service=ssh,glusterfs,tftp,ntp

I expected the tftp server to be accessible from other systems, but it was only accessible from the local server.

firewall-cmd  --list-services
ssh dhcpv6-client

I did the following steps and it started working:

firewall-cmd --permanent --zone=public --add-service=tftp
firewall-cmd --reload

Why is the kickstart firewall command not working, and not throwing any error either?

Update 1: After the reply from @GracefulRestart I tried the following options, still with no success:

firewall --enabled --service=ssh --service=glusterfs --service=tftp --service=ntp
firewall --enabled --service={ssh,glusterfs,tftp,ntp}

The output of list services is:

firewall-cmd  --list-services
ssh dhcpv6-client

After adding it manually:

firewall-cmd --permanent --zone=public --add-service=tftp

firewall-cmd  --list-services
ssh dhcpv6-client tftp

The following is a log excerpt from /var/log/anaconda/journal.log:

Apr 23 10:48:10 localhost program[6875]: Running... /usr/bin/firewall-offline-cmd --enabled --port=30083:tcp --port=9090:tcp --port=8080:tcp --service=tftp --service=ssh --service=glusterfs --service=ntp
Apr 23 10:48:10 localhost systemd[1]: Started Locale Service.
Apr 23 10:48:10 localhost program[6875]: INVALID_SERVICE: 'glusterfs' not among existing services
Apr 23 10:48:10 localhost program[6875]: Adding service 'tftp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Adding service 'ssh' to default zone.
Apr 23 10:48:10 localhost program[6875]: ALREADY_ENABLED: ssh
Apr 23 10:48:10 localhost program[6875]: Adding service 'glusterfs' to default zone.
Apr 23 10:48:10 localhost program[6875]: Adding service 'ntp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Adding port '30083/tcp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Adding port '9090/tcp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Adding port '8080/tcp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Return code: 2
ImranRazaKhan
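
A way to catch this kind of silent failure after an install, added here as an example and not part of the original post: the script scans an anaconda journal for firewall-offline-cmd runs and reports the requested services, any INVALID_SERVICE names and the return code. The function names are made up for this example, and the sample input is copied from the log excerpt in the question.

```shell
#!/bin/sh
# Added example, not from the original post.

# Sample input: lines copied from the log excerpt in the question.
sample_log() {
cat <<'EOF'
Apr 23 10:48:10 localhost program[6875]: Running... /usr/bin/firewall-offline-cmd --enabled --port=30083:tcp --port=9090:tcp --port=8080:tcp --service=tftp --service=ssh --service=glusterfs --service=ntp
Apr 23 10:48:10 localhost systemd[1]: Started Locale Service.
Apr 23 10:48:10 localhost program[6875]: INVALID_SERVICE: 'glusterfs' not among existing services
Apr 23 10:48:10 localhost program[6875]: Adding service 'tftp' to default zone.
Apr 23 10:48:10 localhost program[6875]: Return code: 2
EOF
}

# Print "requested NAME", "invalid NAME" and "rc N" records for every
# firewall-offline-cmd run found in the log file given as $1.
# Assumption: the command's output lines follow its "Running..." line
# and end at the next "Return code:" line, as in the excerpt.
fw_audit() {
  awk '
    /Running\.\.\. .*firewall-offline-cmd/ {
      active = 1
      n = split($0, words, " ")
      for (i = 1; i <= n; i++)
        if (words[i] ~ /^--service=/) {
          sub(/^--service=/, "", words[i])
          print "requested " words[i]
        }
      next
    }
    /Running\.\.\. / { active = 0 }      # some other program started
    active && /INVALID_SERVICE:/ {
      split($0, q, "\047")               # name sits between single quotes
      print "invalid " q[2]
    }
    active && /Return code:/ { print "rc " $NF; active = 0 }
  ' "$1"
}

fw_invalid_services() { fw_audit "$1" | awk '$1 == "invalid" { print $2 }'; }
fw_return_code()      { fw_audit "$1" | awk '$1 == "rc" { print $2 }'; }
# Succeeds only when firewall-offline-cmd ran exactly once and returned 0.
fw_check()            { [ "$(fw_return_code "$1")" = "0" ]; }

# Audit the file named on the command line, or the embedded sample.
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
fw_audit "$log"
fw_check "$log" || echo "firewall-offline-cmd did not return 0; check the firewall line"
```

Run it against /var/log/anaconda/journal.log on the installed system and compare the result with the output of firewall-cmd --list-services.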

2 Answers


I believe you have to pass the service option once for each service you are adding to the firewall:

firewall --enabled --service=ssh --service=glusterfs --service=tftp --service=ntp

I cannot remember if you can use bash brace expansion in kickstart, but it would look close to what you originally had:

firewall --enabled --service={ssh,glusterfs,tftp,ntp}

GracefulRestart

Please find below the details to fix this issue. As per the official docs:

A minimal installation's %packages section which will also configure the firewall will look similar to the following:

%packages
@Core
authconfig
system-config-firewall-base

In my case authconfig was missing.

Second, also follow the suggestion of @GracefulRestart for proper syntax.

ImranRazaKhan