CentOS 6 – How to modify iptables during kickstart install

Tags: centos, iptables, kickstart, rpm

I'm having trouble modifying iptables configuration during a customized kickstart installation of CentOS 6. The kickstart process is installing several custom RPMs on top of a minimal ISO image. One of the RPMs attempts to modify the iptables rules but after Anaconda completes the installation, the original default rules are still set in /etc/sysconfig/iptables.

I've tried using iptables (save|restore) but the iptables modules aren't available during the installation. iptables -L returns the error "can't initialize iptables 'filter': Table does not exist" and both save/restore commands fail to run.

After poking around I realized that the package system-config-firewall-base is installed and seems to be setting the default rules. Further, I see that my rules have been copied into /etc/sysconfig/iptables.old but I can't figure out what is causing that. I've tried adding Requires: system-config-firewall-base to my package in the hopes that I could change the rules in my %post after they've been set but that didn't work.

Installing this package after first boot sets up the rules correctly.

Any advice on how to correctly configure iptables during installation or else how to configure something to achieve this automatically on first boot?

Thanks.

Best Answer

Your best bet is to edit the /etc/sysconfig/iptables file directly in a script in the %post section of your kickstart file. This will run after you have installed your packages.
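One way to do the direct edit from %post, as an added example that is not part of the original answer: since iptables-restore cannot load tables inside the installer (the error quoted in the question), the ruleset is checked structurally with awk and then moved into place with mode 600. The function names, the `.pre-ks` backup suffix, the source path and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names, paths and sample rules are hypothetical/constructed.

# Structural check of an iptables-save format file without touching the kernel.
check_ruleset() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[*]/ { if (open) bad = 1; open = 1; tables++; next }   # table start
        /^COMMIT$/ { if (!open) bad = 1; open = 0; next }        # table end
        /^:[A-Za-z0-9_-]+ (ACCEPT|DROP|-) / { if (!open) bad = 1; next }
        /^-[AI] / { if (!open) bad = 1; next }   # rule lines
        { bad = 1 }                              # anything else is rejected
        END { exit ((bad || open || tables == 0) ? 1 : 0) }
    ' "$1"
}

# Validate SRC, keep a copy of the existing DEST, then replace DEST atomically.
install_ruleset() {
    src="$1"; dest="$2"
    check_ruleset "$src" || { echo "refusing malformed ruleset: $src" >&2; return 1; }
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1
    cat "$src" > "$tmp" && chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -f "$dest" ]; then cp -p "$dest" "${dest}.pre-ks"; fi
    mv -f "$tmp" "$dest"
}

# Constructed sample ruleset: default-deny inbound, SSH allowed.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# In the kickstart file, between %post and %end (source path is an assumption):
#   install_ruleset /usr/share/myapp/iptables.rules /etc/sysconfig/iptables
```

A ruleset with a missing COMMIT or an unrecognized line is refused and the existing file is left untouched.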