On 04/21/2017 03:18 PM, Colin Walters wrote:
On Fri, Apr 21, 2017, at 10:16 AM, Dusty Mabe wrote:
> NOTE: if you respond to this message please 'reply-all'.
> I'd like to discuss firewalld on atomic host.
I think there here are two cases:
AH-as-Kube/OpenShift host: In this I'd turn the conversation around - do
Kube/OpenShift want to depend on firewalld? This has come up before,
I'm not sure about kube. One thing we could do is ship firewalld and not enable
it. We don't enable iptables either (at least in our cloud images). Then
can use whichever one they choose, right?
Standalone/"pet" AH: I think that package layering solves
this today (and other "pet" cases), and ideally we would also provide a
Yeah, I just don't think I can honestly recommend people reboot their instance.
Once livefs is here my worries go away and we probably aren't even having this
> Basically I don't have a definitive answer myself, but hopefully at
> least the above bz link is useful.