firewalld vs iptables vs ? as default (was Comparison to Workstation Technical Specification)
Reindl Harald
h.reindl at thelounge.net
Thu Mar 6 22:39:22 UTC 2014
Am 06.03.2014 23:36, schrieb Simo Sorce:
> On Thu, 2014-03-06 at 17:12 -0500, Stephen Gallagher wrote:
>> I don't think that's necessarily a fair statement. We fully intend for
>> the firewall control on these Roles to be easy to turn off and on at
>> will. Upgrades should never change that state[1]. I don't see any
>> reason why, under those conditions, Roles couldn't work for Mr. Reindl.
>>
>>
>> [1] I think I can reasonably assert this without controversy.
>
> weeeelll, we had some ports change in freeipa, we used to open 8443 and
> then we changed to proxy everything via 443, so technically we would
> like to 'close' a port on update if we were back then :-)
no - you would that only if you are changing my servers configuration
to listen on a different port which would be a no-go - and if you
are now find a argument why doing so it's the best against defaults
someone later may regret after it is too late
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20140306/0c949ab5/attachment.sig>
More information about the server
mailing list