Disabling firewalld on AWS?
error at ioerror.us
Wed Sep 11 03:45:51 UTC 2013
On 09/10/2013 11:36 PM, Sam Kottler wrote:
> Given the deny-by-default nature of security groups I think it makes sense to disable firewalld in the AMIs. I haven't seen any other AMIs that have a firewall enabled by default and we probably shouldn't break that pattern IMO.
This is easily one of my least-favorite "features" of certain Linux distributions.
Debian/Ubuntu images don't have a firewall enabled by default in their cloud images because they don't have a firewall enabled at all in a default installation. At least the last time I looked at them; maybe they've gotten smarter in the last couple of years.
I'm not really sure I see a benefit here. There may not even be a second firewall in front of the virtual machine; a user might turn it off because it's getting in the way, or a cloud provider might not provide this feature at all. I know of at least one public cloud provider which has an external firewall feature similar to AWS security groups, but it's off by default. In this case I see plenty of downside.