fail2ban + firewalld suggestions needed
Jonathan Underwood
jonathan.underwood at gmail.com
Thu Mar 20 16:26:24 UTC 2014
On 20 March 2014 16:17, Przemek Klosowski <przemek.klosowski at nist.gov> wrote:
> I am concerned that this looks like configuring the fail2ban package by
> installing more packages. If we started doing it everywhere multiple
> packages interact, it would combinatorially explode the number of packages
> and make the system harder to maintain, not easier. Among other things, it
> would make managing the subsystem on Fedora different than everywhere else
> including upstream.
I tend to agree here - personally I think one sensible default
configuration is sufficient, and then let users adjust/taylor that
configuration for their needs. RPM is the wrong layer for
configuration management IMO - this also pertains to the recent
discussions regarding diverging configs for the different projects.
RPM should lay down files, and then a proper config management service
should configure/customise software (Puppet,ansible, what have you).
More information about the devel
mailing list