----- Original Message -----
From: "Matthew Miller" <mattdm(a)fedoraproject.org>
To: "Fedora Cloud SIG" <cloud(a)lists.fedoraproject.org>
Sent: Wednesday, September 11, 2013 11:24:28 AM
Subject: Re: Disabling firewalld on AWS?
On Wed, Sep 11, 2013 at 10:30:26AM -0400, Sam Kottler wrote:
> The way that services run on public clouds is fundamentally different from
> the way they run on physical hardware & most private clouds. We shouldn't
> be treating the AMI's the same as the iso's because they are meant to
> serve a different purpose.
So, this hits on one of the big concerns: we've previously agreed that it's
important to make the image as identical as possible across all clouds
public and private. If we drop a default packet filter from the EC2 AMI,
this means dropping it from the downloadable qcow2 as well. Or, if we change
that, it's a bigger change in strategy.
I see far more of a need for a firewall to be enabled by default on the private cloud
images.
The public cloud and private cloud images should probably diverge IMO. This actually
connects back to the other thread I started yesterday about the update_hostname cloud-init
module; that should be enabled on private clouds, but not public ones, too.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>
_______________________________________________
cloud mailing list
cloud(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct