In a default RHEL6.5 install, iptables is configured (rules exist in /etc/sysconfig/iptables) and the service is enabled. But in a Beaker recipe, iptables is not running and not configured. /etc/sysconfig/iptables does not exist and all ports are open.

Why is it different in a Beaker recipe? How do I enable iptables?

(This is based on a question originally asked 2014-03-27 by Ondrej Ptak on a mailing list.)

DanC

1 Answer

Beaker disables the firewall by default to make multi-host testing easier.

The generated kickstart contains firewall --disabled which causes Anaconda to not configure or enable iptables (see firewall in the Anaconda docs).

You can override the default behaviour by setting the firewall ksmeta variable for your recipe. For example, to only open ports 22, 80, and 8080:

<recipe ks_meta="firewall=ssh:tcp,http:tcp,8080:tcp">
    ...

Refer to the Kickstart metadata section in Beaker's docs.

DanC
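Because a recipe without the firewall variable is provisioned with all ports open, it can help to check job XML before submission. The following is an added example, not part of the original answer and not Beaker's own code: it flags recipes that would fall back to the default. It assumes ks_meta is a whitespace-separated list of key=value pairs, that entries use the name:protocol form shown above, and that the recipe's whiteboard attribute is used as a label; the sample job is constructed.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample job XML (not from the original post).
SAMPLE_JOB = """\
<job>
  <recipeSet>
    <recipe whiteboard="web-server" ks_meta="firewall=ssh:tcp,http:tcp,8080:tcp"/>
    <recipe whiteboard="client" ks_meta="harness=restraint"/>
    <recipe whiteboard="db"/>
    <recipe whiteboard="typo" ks_meta="firewall=ssh:tcp,8080"/>
  </recipeSet>
</job>
"""

def parse_ks_meta(value):
    """Split a ks_meta string into a dict (assumption: space-separated key=value)."""
    result = {}
    for token in shlex.split(value or ""):
        key, _, val = token.partition("=")
        result[key] = val
    return result

def audit_job(job_xml):
    """Return (whiteboard, status, detail) for every <recipe> in the job."""
    findings = []
    for recipe in ET.fromstring(job_xml).iter("recipe"):
        name = recipe.get("whiteboard", "<unnamed>")
        meta = parse_ks_meta(recipe.get("ks_meta"))
        if "firewall" not in meta:
            # No override: the generated kickstart gets "firewall --disabled".
            findings.append((name, "OPEN", "no firewall ks_meta; Beaker default applies"))
            continue
        entries = [e for e in meta["firewall"].split(",") if e]
        # Assumption: each entry must look like name:protocol, as in the answer.
        bad = [e for e in entries if e.count(":") != 1 or not all(e.split(":"))]
        if bad or not entries:
            findings.append((name, "INVALID", ",".join(bad) or "empty value"))
        else:
            findings.append((name, "FILTERED", ",".join(entries)))
    return findings

if __name__ == "__main__":
    for name, status, detail in audit_job(SAMPLE_JOB):
        print(f"{status:8} {name}: {detail}")
```
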