Re: Disabling firewalld on AWS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/10/2013 11:36 PM, Sam Kottler wrote:
> Given the deny-by-default nature of security groups I think it makes sense to disable firewalld in the AMI's. I haven't seen any other AMI's that have a firewall enabled by default and we probably shouldn't break that pattern IMO.
>
> Thoughts?
>

This is easily one of my least-favorite "features" of certain Linux distributions.

Debian/Ubuntu images don't have a firewall enabled by default in their cloud images because they don't have a firewall enabled at all in a default installation. At least the last time I looked at them; maybe they've gotten smarter in the last couple of years.

I'm not really sure I see a benefit here. There may not even be a second firewall in front of the virtual machine; a user might turn it off because it's getting in the way, or a cloud provider might not provide this feature at all. I know of at least one public cloud provider which has an external firewall feature similar to AWS security groups, but it's off by default. In this case I see plenty of downside.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSL+dvAAoJEJICkBIKCqxc/esP/1/xqnHrxYLhlvS5ecgmx3zb
3SSHFeeD2MKQvVkkOlsjoj0oYX17bmWeKxFzpjI7fUBCLb1vsVl1L19QbluGHElA
QcKMzyCwfoZuAMZ804SRpty2hx0RSsbVpw0gDMVfBCWDjPFXzxt+PVK/tkIRHGDe
k0DMbQd9WtM2BPPPjEeBu72YGnsWNBBHRb+4E9thg1FunX4RkeZ3qw7wgVlg3dCK
TH0PkJrJKedWKHUVzcR+dZqxk1thGtWYSw1fJM3Vbk9UPuZxFcxOOjTXYtNkQaO3
LL4x35UMi1pOIC20Ga9nXoMiRex1fLoO2autbJQfwLWnyCBTO/FvDxj9WUDtklFE
yt/9t7Y7FH63sBvc6MOi+L7i4ZNZCMlHnZAKpF5jQ7OcOG+a/tftE2E8DUgAJwEG
VnMIQPCMCGnYTkrqcsG6pcAz8RxoHMGXaGE3VYRLA0rtc6KeCEB8JuddXJ24Yst7
DNwprVK/O/sf9akniyFHHeimXhvBdhnRCS+uak0/JuRTGRvwEHJ37EeyuwHeCViL
F8rq9OLG6uN/CPwT0n5fRnZp30XKQc0wODUOCH9vcp6EVoozvFJF3MRWSjM3nBcO
/UKGvPFb2ZNgbGqZxkBsYBVrY12kcQX0Vo6B5IktEV5S1PmwBPOklGJnCCrpEiYq
M2TLP9xhvLIHasY2Dl3G
=S1Yb
-----END PGP SIGNATURE-----

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux