On Tue, 2014-03-04 at 14:07 +0100, Miloslav Trmač wrote:
I see having a firewall running by default, but punching holes in it
by default, without explicit user involvement, as such a case: the
underlying reason to have a firewall seems to be defeated by the way
the firewall is being used.
Here lies the error of your reasoning.
Roles do not do anything without *explicit user involvement*.
You actually have to install *and* setup a role on your system to poke
any hole.
And not poking holes for some roles makes no sense, because the role can
only be used (in the common case) if it is reachable from the network,
and if it is unreachable it does not work.
One of the assumptions for roles is that we want to have them working as
intended once the setup is complete.
Roles that are not clear cases, as said in the last meeting, will offer
a way for the admin to tell what to do, however their default will
depend on what we think is the best default.
For example I think the best default for the domain controller role will
be to open the firewall, while the best default for the database role
will be to keep it closed.
The point is: roles should provide firewall rules and apply the
appropriate default, however admins should be able to override the
default at setup time.
Simo.
--
Simo Sorce * Red Hat, Inc * New York