cloud and firewalld

Matthew Miller mattdm at fedoraproject.org
Wed Dec 12 15:27:36 UTC 2012


This may be of interest to people using Fedora as a cloud solution, for
several reasons.

First, on _host_ systems providing virtualization services, the firewall
daemon provides an interface for tracking dynamic rules. (Libvirt already
has code to use it, for example.)

On cloud _guest_ systems, it's probably less desirable: the firewall is
unlikely to have dynamic changes, and resources will be more constrained.
Having an extra Python-based daemon running all the time with literally
nothing to do probably isn't what we're looking for, and it also happens
that the code pulls in a large list of dependencies.

The FirewallD feature page proposes that both options should be available
for at least the next few Fedora releases (just as we have the legacy
network scripts). But right now, the appliance building tools and anaconda
both rely on the new firewalld commands. I suggested putting that back to
the old way for now, but that's going to take some work and testing.

* https://bugzilla.redhat.com/show_bug.cgi?id=885807
* https://bugzilla.redhat.com/show_bug.cgi?id=884878

Anyway, see https://fedorahosted.org/fesco/ticket/973, which is a topic of a
FESCO meeting at 1 EDT today. Not asking people to storm the meeting (not
productive!) but I thought you might want to be aware if you haven't been
following this.

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>

