----- Original Message -----
> From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx>
> To: "Fedora Cloud SIG" <cloud@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, December 20, 2012 1:49:23 PM
> Subject: cloud and local firewall at all (sig consensus?)
>
> On Wed, Dec 12, 2012 at 09:58:04PM -0800, Garrett Holmstrom wrote:
> > EC2 recommends images with *no* default firewall since they use security
> > groups to control traffic, and adding a second, guest-level firewall tends
> > to confuse people.
>
> I'd like to get a group consensus on this. Dennis Gilmore has expressed
> concern about leaving the local firewall off -- having it on may be
> redundant, but it protects against configuration errors or security bugs in
> EC2 itself.

Is this consensus just for EC2 or all images potentially used in cloud (public or private)?

>
> Options for the out-of-the-box config are:
>
> A) no local firewall (Garrett, do you have a reference to an EC2
>    recommendation for this configuration?)
>
> B) firewall allowing ssh in by default (normal Fedora default)
>
> C) firewall allowing in ssh + http/https (since cloud systems are often
>    web servers)
>
> I'm lightly in favor of C, since I like the concept of defense-in-depth, and
> this seems like a decent compromise. But I really don't have a very strong
> opinion. What are your thoughts?
>
> --
> Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁
> <mattdm@xxxxxxxxxxxxxxxxx>
> _______________________________________________
> cloud mailing list
> cloud@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/cloud