Setting up Fedora Core Linux

It is fairly straightforward, but there are a few tricks.

  • Don't try to install any "extra" packages during installation. The installer will crash. Do it post-installation.
  • It may be desirable to change the SELinux mode in /etc/selinux/config to permissive (but not disabled, as that may require re-labeling of the drive?)
  • Set time properly
    ntpdate -u 0.fedora.pool.ntp.org
    chkconfig --level 2345 ntpd on
    service ntpd start
    
  • Remove gcj: yum remove libgcj
  • Install and configure shorewall (see below)
  • Update packages
  • Ensure there are no 32-bit binaries if on a 64-bit system. Run rpm -qa --qf "%{name} %{arch}\n" to list every installed package with its architecture and find the 32-bit ones that need to be removed.
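
The rpm query above prints every package, so the 32-bit ones still have to be picked out by hand. The following is an added example, not part of the original notes: it filters that "name arch" output and separates 32-bit packages that merely duplicate an installed x86_64 package from those that exist only as 32-bit. The function names find_32bit and sample_packages and the sample package list are made up for illustration.

```shell
#!/bin/sh
# Classify 32-bit packages from "name arch" lines, the format produced by
#   rpm -qa --qf "%{name} %{arch}\n"
# find_32bit is a hypothetical helper name, not part of rpm or yum.
find_32bit() {
    awk '
        NF != 2 { next }                                # skip malformed lines
        $2 ~ /^i[3-6]86$/ { seen32[$1 "." $2] = $1 }    # 32-bit x86 build
        $2 == "x86_64"    { has64[$1] = 1 }             # 64-bit build, same name
        END {
            for (na in seen32) {
                name = seen32[na]
                # "duplicate": a 64-bit package of the same name is installed.
                # "only32":    nothing 64-bit provides this name; review first.
                kind = (name in has64) ? "duplicate" : "only32"
                print kind, na
            }
        }
    ' | sort
}

# Constructed sample input (not from a real machine).
sample_packages() {
    cat <<'EOF'
glibc x86_64
glibc i686
bash x86_64
oldtool i386
gpg-pubkey (none)
zlib x86_64
zlib i386
EOF
}

# Demo on the constructed sample. On a real system use:
#   rpm -qa --qf "%{name} %{arch}\n" | find_32bit
sample_packages | find_32bit
```

Each output line is a class followed by name.arch, a form yum accepts as a package specifier. Entries marked only32 have no 64-bit counterpart installed and should be checked before removal.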

Shorewall

This is a simplified description; look at the actual machines for the full configuration.

  • Zones
    fw      firewall
    topaz   ipv4
    net     ipv4
    
  • Hosts
    topaz   eth0:207.7.131.16/28
    net     eth0:0.0.0.0/0                  tcpflags
    
  • Policy
    all all REJECT info
    
  • Rules
    ACCEPT  fw      topaz   all     -       -
    ACCEPT  topaz   fw      tcp     ssh,http,https  -
    ACCEPT  topaz   fw      tcp     sunrpc,nfs      -
    ACCEPT  topaz   fw      udp     sunrpc,nfs      -
    ACCEPT  topaz   fw      icmp    echo-request    -
    #
    ACCEPT  fw      net     all     -       -
    ACCEPT  net     fw      tcp     ssh,http,https  -
    
  • To turn on multicast support, you need to define "mcast ipv4" in zones, "mcast eth0:224.0.0.0/4" in hosts and add the following rules:
    ACCEPT  fw      mcast   all     -       -
    ACCEPT  topaz   fw      udp     -       -
    
    • It seems like "ACCEPT topaz mcast udp" ought to work, but it doesn't.