From Fedora Project Wiki
Description
This test case tests whether firewall configuration works correctly in a kickstart-driven installation.
Setup
- Prepare a test system (virtual or real) with sufficient memory to install Fedora, an empty hard disk (or such that you do not mind losing the contents of all connected hard disks: this test WILL wipe all hard disks connected to the test system), and (ideally) a network connection and another system from which you can connect to the test system
How to test
- Boot using a dedicated installer image for the Fedora release you wish to test
- At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks
- The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using
sudo iptables -L -v
orsudo firewall-cmd --state
, and/or by attempting to connect to a port or running service from the other test system - Boot using a dedicated installer image for the Fedora release you wish to test
- At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks
- The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using
sudo iptables -L -v
orsudo firewall-cmd --state
,sudo firewall-cmd --get-zone-of-interface=(interface)
, andsudo firewall-cmd --list-all (zone)
, and/or by attempting to connect to various ports or running services from the other test system
Expected Results
- On the first installation, the firewall should be disabled
- On the second installation, the firewall should be enabled, and ports 143/tcp (IMAP), 1234/ucp, 47, and 21 (FTP) should be open. The relevant services will likely not be installed, so connecting to the ports will not necessarily "work", but it should not behave as if they are firewalled, and you could install and enable relevant services to do a functional test, if you liked.