mwmahlberg added a new comment to an issue you are following:
As a user of Atomic, I would like to see `firewalld` included for various reasons.
1. The inclusion of `firewalld` with only port 22 open would limit access to services
unless explicitly granted, as per best practices and required by many security
certifications, among them the certificates issued for companies by the German
"Federal Office for Information Security". While it is possible to achieve those
certificates with a proper external firewall concept, the lack of `firewalld` makes the
certification process *a lot* harder.
2. While iptables are of course present on Atomic, fiddling with them is a lot more
error-prone than with `firewalld`. This adds to the complexity of administration, and
complexity inevitably will cause mistakes which in a worst-case scenario will lead to
security incidents which could have been avoided.
3. While the classical deployment scenario for Atomic is in a well protected, properly
tiered environment, Atomic may well be used on providers such as Digital Ocean. It would
be good if a user had the peace of mind that regardless of what he or she deploys, it can be
hardened first (via ssh tunnel for example) and reachable only after the service has been
explicitly opened to the public by means of a firewall. And all of that without relying on
external services such as <InsertCloudProvidersNameHere> firewall service.
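As an added example (not from this comment or the Atomic project), a POSIX sh check that reads the output of `firewall-cmd --zone=public --list-all` and flags anything exposed beyond ssh, i.e. the "only port 22 open" baseline argued for above. The zone listing embedded below is constructed, and the zone name `public` is an assumption about the host:

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=public --list-all` output
# (not captured from a real host); dhcpv6-client is exposed next to ssh.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# check_only_ssh reads one zone listing on stdin and prints every exposure
# other than the ssh service (extra services, explicit ports, an ACCEPT
# target). Exit status 0 when only ssh is reachable, 1 otherwise.
check_only_ssh() {
  listing=$(cat)
  extra=""
  target=$(printf '%s\n' "$listing" | sed -n 's/^ *target: *//p')
  services=$(printf '%s\n' "$listing" | sed -n 's/^ *services: *//p')
  ports=$(printf '%s\n' "$listing" | sed -n 's/^ *ports: *//p')
  # An ACCEPT target lets every packet through regardless of service list.
  [ "$target" = "ACCEPT" ] && extra="$extra target:ACCEPT"
  for s in $services; do
    [ "$s" = "ssh" ] || extra="$extra service:$s"
  done
  for p in $ports; do
    extra="$extra port:$p"
  done
  [ -n "$extra" ] && printf '%s\n' "${extra# }"
  [ -z "$extra" ]
}

# Run against the constructed sample; on a real host pipe the live
# `firewall-cmd --zone=public --list-all` output into the function instead.
if printf '%s\n' "$SAMPLE_ZONE" | check_only_ssh; then
  echo "zone exposes only ssh"
else
  echo "zone exposes more than ssh (listed above)"
fi
```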