authorChris Lumens <clumens@redhat.com>2008-12-11 15:40:54 -0500
committerChris Lumens <clumens@redhat.com>2008-12-11 15:40:54 -0500
commite1c31e881c8dd6e33de43758b143eccf8300fb1c (patch)
tree971784c970364a16c0647f4b9ba561b7329ce5a9
parent5719316ade2ca92a8b8098cc2c0b300988c5e37f (diff)
Make sure ssh doesn't get duplicated in the open port list (#474937).
Since ssh is always opened by anaconda, it can be listed twice if the kickstart file lists ssh as an allowed port. Make sure to only add ssh to the open port list if it's not already specified by the kickstart file.
-rw-r--r--firewall.py7
-rw-r--r--kickstart.py3
2 files changed, 8 insertions, 2 deletions
diff --git a/firewall.py b/firewall.py
index f3e689d95..ef543e6dd 100644
--- a/firewall.py
+++ b/firewall.py
@@ -35,7 +35,7 @@ class Firewall:
self.enabled = 1
self.trustdevs = []
self.portlist = []
- self.servicelist = ["ssh"]
+ self.servicelist = []
def writeKS(self, f):
f.write("firewall")
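Review bot: Changing the default to `self.servicelist = []` affects every reader of that list, not only the argument builder patched in the next hunk. writeKS begins on the last two lines of this hunk and its body is outside it; if it serialises servicelist, the saved kickstart will no longer mention ssh even though the installed firewall still opens it, so an audit from that file would miss an open port. It is worth checking writeKS and applying the same add-ssh-unless-listed rule there if needed. A comment on the new default, such as `# ssh is not stored here; it is added when the argument list is built`, would record where the port actually gets opened.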
@@ -54,7 +54,10 @@ class Firewall:
if not self.enabled:
args.append("--disabled")
return args
-
+
+ if not "ssh" in self.servicelist and not "22:tcp" in self.portlist:
+ args += ["--service=ssh"]
+
for dev in self.trustdevs:
args = args + [ "--trust=%s" %(dev,) ]
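Review bot: The guard `if not "ssh" in self.servicelist and not "22:tcp" in self.portlist:` matches only the exact string `22:tcp`, so a port entry stored in any other spelling would still yield a duplicate ssh rule. The format in which kickstart.py appends ports is not visible here and should be confirmed. The test also reads more clearly as `if "ssh" not in self.servicelist and "22:tcp" not in self.portlist:`. Since this branch opens ssh on an enabled firewall even when the kickstart lists no services, a comment such as `# ssh is always opened; skip only when the kickstart already lists it` would make that default visible to anyone reviewing the resulting rule set. The enclosing method starts and ends outside the hunk.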
diff --git a/kickstart.py b/kickstart.py
index 4d70d5195..961da30e6 100644
--- a/kickstart.py
+++ b/kickstart.py
@@ -247,6 +247,9 @@ class Firewall(commands.firewall.F10_Firewall):
for port in self.ports:
self.handler.id.firewall.portlist.append (port)
+ for svc in self.services:
+ self.handler.id.firewall.servicelist.append (svc)
+
class Firstboot(commands.firstboot.FC3_Firstboot):
def parse(self, args):
commands.firstboot.FC3_Firstboot.parse(self, args)
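Review bot: The new loop `for svc in self.services:` appends each service unconditionally, so a service repeated in the kickstart, or a firewall command parsed more than once, would still leave duplicates in servicelist, which is the symptom this commit fixes for ssh. A membership guard would make the list idempotent: `if svc not in self.handler.id.firewall.servicelist:` before the append. The port loop just above has the same shape and could take the same guard. The enclosing parse method starts outside the hunk, so whether self.services is already de-duplicated upstream cannot be seen here.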