On 2012-12-12 7:27, Matthew Miller wrote:
This may be of interest to people using Fedora as a cloud solution, for several reasons. First, on _host_ systems providing virtualization services, the firewall daemon provides an interface for tracking dynamic rules. (Libvirt already has code to use it, for example.) On cloud _guest_ systems, it's probably less desirable: the firewall is unlikely to have dynamic changes, and resources will be more constrained. Having an extra python-based daemon running all the time with literally nothing to do probably isn't what we're looking for, and it also happens that the code pulls in a large list of dependencies.
How much memory does firewalld actually use on F18 when it has nothing to do? At what point should we become concerned about how much memory a process is using?
The FirewallD feature page proposes that both options should be available for at least the next few Fedora releases (just as we have the legacy network scripts). But right now, the appliance building tools and anaconda both rely on the new firewalld commands. I suggested putting that back to the old way for now, but that's going to take some work and testing.
Does the "no firewall" case still work, at least? EC2 recommends images with *no* default firewall since they use security groups to control traffic, and adding a second, guest-level firewall tends to confuse people.
Should the F18 release image explicitly target clouds other than EC2? *Can* it?
-- Garrett Holmstrom _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud
