On 2012-12-20 12:49, Matthew Miller wrote:
On Wed, Dec 12, 2012 at 09:58:04PM -0800, Garrett Holmstrom wrote:
EC2 recommends images with *no* default firewall since they use security
groups to control traffic, and adding a second, guest-level firewall tends
to confuse people.
I'd like to get a group consensus on this. Dennis Gilmore has expressed
concern about leaving the local firewall off -- having it on may be
redundant, but it protects against configuration errors or security bugs in
EC2 itself.
Options for the out-of-the-box config are:
A) no local firewall (Garrett, do you have a reference to an EC2
recommendation for this configuration?)
Not any more. The only reference to instance-specific firewalls that I
can find in today's documentation [1] is, "In addition to these
examples, you can maintain your own firewall on any of your instances.
This can be useful if you have specific requirements not met by the
Amazon EC2 distributed firewall."
B) firewall allowing ssh in by default (normal Fedora default)
C) firewall allowing in ssh + http/https (since cloud systems are often
web servers)
I'm lightly in favor of C, since I like the concept of defense-in-depth, and
this seems like a decent compromise. But I really don't have a very strong
opinion. What are your thoughts?
There seem to be enough people here who are okay with defaulting to dual
firewalls to narrow it down to B and C. To be honest, I'd choose B.
It's Fedora's default, it makes fewer assumptions, and since we're
already considering an exploit in EC2 itself to be in scope, we might as
well block off a couple a couple more ports out of the box.
I don't feel incredibly strongly about that, though. I just think it
makes more sense.
[1]
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html
--
Garrett Holmstrom
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud