Setting the default firewall configuration (was Re: Attention, dependency fighters)

[Stephen John Smoogen]

On 9 November 2012 18:46, Adam Williamson <awilliam at redhat.com> wrote:
> On Fri, 2012-11-09 at 20:39 -0500, Matthew Miller wrote:
>> On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
>> > it maybe doesn't actually need to be). So perhaps we should change
>> > firewalld to default to opening port 22.
>>
>> +1, even having read the rest of this message.
>>
>>
>> Same with iptables if firewalld is not installed by default.
>
> Somehow it took me 45 minutes to notice the giant logic fail in my
> thinking: if what we're trying to achieve is 'don't install firewalld in
> a minimal install', obviously firewalld's default firewall configuration
> is entirely irrelevant. To achieve the above, we don't need to make sure
> that the default configuration leaves port 22 open when firewalld is
> installed, but that the default configuration leaves port 22 open when
> firewalld is *not* installed. D'oh.

Well with firewalld not installed and no iptables configs.. I would
believe that the default would be everything open... unless some other
program is there to set some defaults.

-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd