On 9 November 2012 18:46, Adam Williamson <awilliam(a)redhat.com> wrote:
> On Fri, 2012-11-09 at 20:39 -0500, Matthew Miller wrote:
> > On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
> > > it maybe doesn't actually need to be). So perhaps we should change
> > > firewalld to default to opening port 22.
> >
> > +1, even having read the rest of this message.
> >
> >
> > Same with iptables if firewalld is not installed by default.
> Somehow it took me 45 minutes to notice the giant logic fail in my
> thinking: if what we're trying to achieve is 'don't install firewalld in
> a minimal install', obviously firewalld's default firewall configuration
> is entirely irrelevant. To achieve the above, we don't need to make sure
> that the default configuration leaves port 22 open when firewalld is
> installed, but that the default configuration leaves port 22 open when
> firewalld is *not* installed. D'oh.

Well, with firewalld not installed and no iptables configs... I would
believe that the default would be everything open... unless some other
program is there to set some defaults.
--
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd