A question commonly asked, how does one best edit /etc/sysconfig/iptables during a Web-Kickstart %post?

You could include the entire file in the %post section of your kickstart.  However, what about the default ports added for AFS, or another use file that may wish to slightly alter the host's firewall?

My friends, sed is the answer.  The RHEL or Realm Linux 5 firewalls include a 'RH-Firewall-1-INPUT' chain where the Red Hat customizations live, so lets edit that:

sed -i '/:RH-Firewall-1-INPUT/ a\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 24 -j ACCEPT' \
/etc/sysconfig/iptables

This opens port 24 (which we normally run SSH on) and does not otherwise modify the current configuration.  Note, the above is 2 lines with a '\n' character directly after "a\".