From Fedora Project Wiki
Description
This test case tests whether configuring the firewall works correctly in a kickstart-driven installation.
Setup
- Prepare a test system (virtual or real) with sufficient memory to install Fedora, an empty hard disk (or such that you do not mind losing the contents of all connected hard disks: this test WILL wipe all hard disks connected to the test system), and (ideally) a network connection and another system from which you can connect to the test system
How to test
- Boot using a dedicated installer image for the Fedora release you wish to test
- At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks
- The installation should run unattended: allow it to complete
- Boot the installed system and log in as 'root' with password 'anaconda'
- Run
firewall-cmd --state
- Run
firewall-cmd --query-service ftp
- Run
firewall-cmd --query-port imap/tcp
- Run
firewall-cmd --query-port 1234/udp
- Run
firewall-cmd --query-port 47/tcp
- If possible, enable a service on one of the allowed ports (e.g. an FTP server) and try connecting to it from another system on the local network
- If possible, enable a service on a port not allowed by default or in the kickstart and try connecting to it from another system on the local network
Expected Results
firewall-cmd --state
should report running- All
firewall-cmd
query commands should report yes - Connecting to a running service on one of the allowed ports from other systems should work (so long as no other firewalls or similar are in the way)
- Connecting to a running service on a port not allowed by the kickstart or by default for the tested image should NOT work