Setting the default firewall configuration (was Re: Attention, dependency fighters)

Adam Williamson awilliam at redhat.com
Sat Nov 10 01:46:56 UTC 2012


On Fri, 2012-11-09 at 20:39 -0500, Matthew Miller wrote:
> On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
> > it maybe doesn't actually need to be). So perhaps we should change
> > firewalld to default to opening port 22.
> 
> +1, even having read the rest of this message.
> 
> 
> Same with iptables if firewalld is not installed by default.

Somehow it took me 45 minutes to notice the giant logic fail in my
thinking: if what we're trying to achieve is 'don't install firewalld in
a minimal install', obviously firewalld's default firewall configuration
is entirely irrelevant. To achieve the above, we don't need to make sure
that the default configuration leaves port 22 open when firewalld is
installed, but that the default configuration leaves port 22 open when
firewalld is *not* installed. D'oh.

We can still not bother poking the firewall configuration by default in
anaconda if firewalld's package default leaves port 22 open and
firewalld is being installed, which would still be a valuable
simplification of what anaconda has to do and is still a sensible
change, but obviously, we can't use that as a reason not to install
firewalld in a minimal install.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


