NOTE: if you respond to this message please 'reply-all'.
I'd like to discuss firewalld on atomic host. Recently I was trying to
figure out the best way to explain to other users how to set firewall rules
on atomic host.
Usually I would say add your rules and then iptables-save, but on Atomic
Host docker has added it's firewall rules in there dynamically so if you iptables-save
you'll get a bunch of stuff that you don't want in your static configuration.
There are ways around this; manually create your config file, or use iptables-save
and then rip the docker stuff out. Either way it's a bit of a pain. I think
firewalld would make this easier on the user. Not sure of the pro/con ratio though.
dustymabe reported a new issue against the project: `atomic-wg` that you are following:
we support this in our kernel so we should probably enable it. We need to:
1 - enable it in fedimg and underlying tools if needed
2 - see if having it enabled on all AMIs affects being able to launch on certain instance types (we would like to be able to enable it on all AMIs and just have it be a no-op on instances that don't support it.
To reply, visit the link below or just reply to this email