https://bugzilla.redhat.com/show_bug.cgi?id=753507
instead of telling user to make sure ports are open, ipa-server-install should offer to open them for you

The following network ports must be open:
TCP Ports:
  * 80, 443: HTTP/HTTPS
  * 389, 636: LDAP/LDAPS
  * 88, 464: kerberos
  * 53: bind
UDP Ports:
  * 88, 464: kerberos
  * 53: bind
  * 123: ntp

Would you like to modify the existing firewall configuration? [Y/n]
I'd like to point out that Fedora systems now have a very handy way of accomplishing this: http://fedoraproject.org/wiki/FirewallD/
I talked to the maintainer at some point in the past when the project was not ready yet. I knew it is coming. I am not sure it will be a priority until a bit later.
I've been testing on F18 and to my surprise iptables is gone. I figured out that it's been replaced with firewalld and now sports a handy way to adjust the current firewall settings without restarting the daemon and to permanently set the new settings. This is alluded to in the above comments. Given how nicely this integrates I thought ipa-server-install should be performing this as part of the setup. I see I'm not the first person to have this idea :-)
Now that firewalld is shipping in F18 and due to land in RHEL7 maybe we should reconsider this RFE again.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=885483 (Fedora)
For the record: I closed the duplicate ticket #1826.
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: Ticket Backlog
The bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=753507 has been reassigned to ansible-freeipa. It is providing the setup of the firewall with firewalld already for server and also replica deployments. Therefore I am closing this ticket as fixed.
ansible-freeipa
Metadata Update from @twoerner: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)