----- Original Message -----
> From: "Eric V. Smith" <eric@xxxxxxxxxxxxx>
> To: cloud@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Wednesday, September 11, 2013 10:17:03 AM
> Subject: Re: Disabling firewalld on AWS?
>
> On 09/11/2013 08:57 AM, Daniel J Walsh wrote:
> > On 09/11/2013 08:53 AM, Sam Kottler wrote:
> >
> >>> It's not "disabl[ing] security", security groups already do
> >>> that for you. You're adding an extra convoluted layer, and the
> >>> vast majority of users will just disable it and rely on
> >>> security groups (that's conjecture on my part). Have you ever
> >>> heard about vulnerabilities in the AWS security group
> >>> implementation? I haven't.
> >
> > I would figure Amazon would do everything in its power to prevent
> > leakage of information about vulnerabilities to the public. Their
> > stock price would take a large hit...
>
> [I hope the quoting is correct there, but it looks odd to me.
> Apologies if it's wrong.]
>
> And, they may be under court order to not discuss their vulnerabilities!
>
> But seriously: I'd rather this work the same way other Fedora
> installations work. I don't have to enable the firewall when I install
> from DVDs, and I'd like the same thing to apply to cloud images.
> Otherwise I need to modify my post-install scripts to always enable
> the firewall (or maybe conditionally do it, which is worse).

The way that services run on public clouds is fundamentally different from the way they run on physical hardware & most private clouds. We shouldn't be treating the AMIs the same as the ISOs because they are meant to serve a different purpose.

As for your provisioning script, you don't need a conditional, just chkconfig it to on since it will exit 0 whether it successfully enabled the service or it was already enabled.

>
> Eric.
> _______________________________________________
> cloud mailing list
> cloud@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/cloud
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct