From Fedora Project Wiki

Note.png
Obsolete
The test case was split into QA:Testcase_kickstart_firewall_disabled and QA:Testcase_kickstart_firewall_configured on 2016-03-23 to make it simpler to follow and ease openQA result reporting.


Description

This test case tests whether firewall configuration works correctly in a kickstart-driven installation.

Setup

  1. Prepare a test system (virtual or real) with sufficient memory to install Fedora, an empty hard disk (or such that you do not mind losing the contents of all connected hard disks: this test WILL wipe all hard disks connected to the test system), and (ideally) a network connection and another system from which you can connect to the test system

How to test

  1. Boot using a dedicated installer image for the Fedora release you wish to test
  2. At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks
  3. The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using sudo iptables -L -v or sudo firewall-cmd --state, and/or by attempting to connect to a port or running service from the other test system
  4. Boot using a dedicated installer image for the Fedora release you wish to test
  5. At the boot menu, edit the options for one of the "Install Fedora" options to include the parameter inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks
  6. The installation should run unattended: allow it to complete, boot the installed system, and check the state of the firewall using sudo iptables -L -v or sudo firewall-cmd --state, sudo firewall-cmd --get-zone-of-interface=(interface), and sudo firewall-cmd --list-all (zone), and/or by attempting to connect to various ports or running services from the other test system

Expected Results

  1. On the first installation, the firewall should be disabled
  2. On the second installation, the firewall should be enabled, and ports 143/tcp (IMAP), 1234/ucp, 47, and 21 (FTP) should be open. The relevant services will likely not be installed, so connecting to the ports will not necessarily "work", but it should not behave as if they are firewalled, and you could install and enable relevant services to do a functional test, if you liked.