Disabling firewalld on AWS?

Wilbur K Smith wilbur.k.smith at gmail.com
Thu Sep 12 04:09:20 UTC 2013 

Hello Folks,
I support keeping any additional security on my default. I would alctually
support having more security enabled by default in any cloud image since it
is most likely sitting on top of an environment you don't directly manage
(Amazon EC2).

Would it make more since to trigger an additional configuration dialog that
would help with fine-grained configuration of the images security features.
This could be a script based config triggered after Anaconda finished.

I know this would be yet another feature to develop and implement, but I
would prefer to have a cloud image "locked down" as much as possible by
default, but make it as simple as possible for a novice to disable features
they may not need.

This is a good debate though.

Wilbur

On Wednesday, September 11, 2013, Dennis Gilmore wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> El Tue, 10 Sep 2013 23:36:01 -0400 (EDT)
> Sam Kottler <skottler at redhat.com <javascript:;>> escribió:
> > Greetings,
> >
> > Given the deny-by-default nature of security groups I think it makes
> > sense to disable firewalld in the AMI's. I haven't seen any other
> > AMI's that have a firewall enabled by default and we probably
> > shouldn't break that pattern IMO.
> >
> > Thoughts?
>
> Lets not, for one the image in EC2 is exactly the same image we make
> available for download in any and every cloud provider or for use on
> your local machine with a suitable local metadata service provider.
>
> use in EC2 is only a portion of the use of the image.
>
> Dennis
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.21 (GNU/Linux)
>
> iEYEARECAAYFAlIwre4ACgkQkSxm47BaWfd//wCfbqOfJn2M8CKjcHCiLRd+9TsR
> YvoAnRDY4/1A5bCONiR+QlVyHIVNyFs0
> =3Pzs
> -----END PGP SIGNATURE-----
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org <javascript:;>
> https://admin.fedoraproject.org/mailman/listinfo/cloud
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>


-- 
Wilbur K. Smith
wilbur.k.smith at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20130911/c753fc88/attachment.html>

More information about the cloud mailing list