Disabling firewalld on AWS?

Sam Kottler skottler at redhat.com
Wed Sep 11 15:42:12 UTC 2013

----- Original Message -----
> From: "Matthew Miller" <mattdm at fedoraproject.org>
> To: "Fedora Cloud SIG" <cloud at lists.fedoraproject.org>
> Sent: Wednesday, September 11, 2013 11:24:28 AM
> Subject: Re: Disabling firewalld on AWS?
> On Wed, Sep 11, 2013 at 10:30:26AM -0400, Sam Kottler wrote:
> > The way that services run on public clouds is fundamentally different from
> > the way they run on physical hardware & most private clouds. We shouldn't
> > be treating the AMI's the same as the iso's because they are meant to
> > serve a different purpose.
> So, this hits on one of the big concerns: we've previously agreed that it's
> important to make the image as identical as possible across all clouds
> public and private. If we drop a default packet filter from the EC2 AMI,
> this means dropping it from the downloadable qcow2 as well. Or, if we change
> that, it's a bigger change in strategy.

I see far more of a need for a firewall to be enabled by default on the private cloud images.

The public cloud and private cloud images should probably diverge IMO. This actually connects back to the other thread I started yesterday about the update_hostname cloud-init module; that should be enabled on private clouds, but not public ones, too.

> --
> Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

More information about the cloud mailing list