cloud and local firewall at all (sig consensus?)

On Wed, Dec 12, 2012 at 09:58:04PM -0800, Garrett Holmstrom wrote: I'd like to get a group consensus on this. Dennis Gilmore has expressed concern about leaving the local firewall off -- having it on may be redundant, but it protects against configuration errors or security bugs in EC2 itself. Options for the out-of-the-box config are: A) no local firewall (Garrett, do you have a reference to an EC2 recommendation for this configuration?) B) firewall allowing ssh in by default (normal Fedora default) C) firewall allowing in ssh + http/https (since cloud systems are often web servers) I'm lightly in favor of C, since I like the concept of defense-in-depth, and this seems like a decent compromise. But I really don't have a very strong opinion. What are your thoughts? -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org&gt;