On Wed, Aug 28, 2019, at 8:59 PM, John Harris wrote:
On Wednesday, August 28, 2019 1:35:32 PM MST Colin Walters wrote:
> FWIW,
>
> For Fedora CoreOS we don't enable a firewall by default; see
>
https://github.com/coreos/fedora-coreos-tracker/issues/26
>
> (Neither for that matter does Fedora Cloud:
>
https://pagure.io/fedora-kickstarts/blob/master/f/fedora-cloud-base.ks#_36)
Yikes! I suppose we should discuss these as well. Those are, in my opinion,
much more serious, as they COMPLETELY shut off the firewall. Especially for
what those systems are designed for, this is very concerning..
This seems to be a common theme with cloud images. I believe the assumption is that each
cloud has its own Access Control policies that serve the function of a firewall.
I always end up building my own cloud images with a firewall, partly for this reason.
I would tend to agree that Fedora Core OS should have a firewall, if only to well-define
which ports are required; but I have not been active there.
V/r,
James Cassell