----- Original Message -----
From: "Eric V. Smith" <eric(a)trueblade.com>
To: cloud(a)lists.fedoraproject.org
Sent: Wednesday, September 11, 2013 10:17:03 AM
Subject: Re: Disabling firewalld on AWS?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/11/2013 08:57 AM, Daniel J Walsh wrote:
> On 09/11/2013 08:53 AM, Sam Kottler wrote:
>
>>> It's not "disabl[ing] security", security groups already do
>>> that for you. You're adding an extra convoluted layer, and the
>>> vast majority of users will just disable it and rely on
>>> security groups (that's conjecture on my part). Have you ever
>>> heard about vulnerabilities in the AWS security group
>>> implementation? I haven't.
>
> I would figure Amazon would do everything in its power to prevent
> leakage of information about vulnerabilities to the public. Their
> stock price would take a large hit...
[I hope the quoting is correct there, but it looks odd to me.
Apologies if it's wrong.]
And, they may be under court order to not discuss their vulnerabilities!
But seriously: I'd rather this work the same way other Fedora
installations work. I don't have to enable the firewall when I install
from DVDs, and I'd like the same thing to apply to cloud images.
Otherwise I need to modify my post-install scripts to always enable
the firewall (or maybe conditionally do it, which is worse).
The way that services run on public clouds is fundamentally different from the way they
run on physical hardware & most private clouds. We shouldn't be treating the
AMI's the same as the iso's because they are meant to serve a different purpose.
As for your provisioning script, you don't need a conditional, just chkconfig it to on
since it will exit 0 whether it successfully enabled the service or it was already
enabled.
Eric.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined -
http://www.enigmail.net/
iQEcBAEBAgAGBQJSMHtTAAoJENxauZFcKtNxkUcIAJV5glS4VNT9qhWWgG3UoVou
uXxO4TSde8/sVnUNQY3vjmHE6XcPoiLkLjCq9nk8RWvJbmrErOiclsKLRo6E7UZL
Fs9CE/aX+6JhzgTZzxoAvayhUSKtwZIDFfvXjUldH1YWMB9gj/ZPms1sDqoiH3Xb
/qEt9sXmKDNFJgYGAYCvevk53c75pd4upt1UJ2fLxTezBUf7vi3o6129Fw6KNx7Z
zhnyYtmfcesrmZog7lFHAZto1/qSkWIHZaY8XuO5lauEcxdiBMJUYgCWjrWu1y3a
GemzbwniBKawfX/t7OIRqyWYoRKJjaHEPZswbHP33jdieCllsMwpujeRJl8q+jA=
=yJ/E
-----END PGP SIGNATURE-----
_______________________________________________
cloud mailing list
cloud(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct