----- Original Message ----- > From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx> > To: "Fedora Cloud SIG" <cloud@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Wednesday, September 11, 2013 11:24:28 AM > Subject: Re: Disabling firewalld on AWS? > > On Wed, Sep 11, 2013 at 10:30:26AM -0400, Sam Kottler wrote: > > The way that services run on public clouds is fundamentally different from > > the way they run on physical hardware & most private clouds. We shouldn't > > be treating the AMI's the same as the iso's because they are meant to > > serve a different purpose. > > So, this hits on one of the big concerns: we've previously agreed that it's > important to make the image as identical as possible across all clouds > public and private. If we drop a default packet filter from the EC2 AMI, > this means dropping it from the downloadable qcow2 as well. Or, if we change > that, it's a bigger change in strategy. I see far more of a need for a firewall to be enabled by default on the private cloud images. The public cloud and private cloud images should probably diverge IMO. This actually connects back to the other thread I started yesterday about the update_hostname cloud-init module; that should be enabled on private clouds, but not public ones, too. > > > -- > Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> > _______________________________________________ > cloud mailing list > cloud@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/cloud > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
