Re: Disabling firewalld on AWS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Folks,
I support keeping any additional security on my default. I would alctually support having more security enabled by default in any cloud image since it is most likely sitting on top of an environment you don't directly manage (Amazon EC2). 

Would it make more since to trigger an additional configuration dialog that would help with fine-grained configuration of the images security features. This could be a script based config triggered after Anaconda finished. 

I know this would be yet another feature to develop and implement, but I would prefer to have a cloud image "locked down" as much as possible by default, but make it as simple as possible for a novice to disable features they may not need. 

This is a good debate though. 

Wilbur

On Wednesday, September 11, 2013, Dennis Gilmore wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El Tue, 10 Sep 2013 23:36:01 -0400 (EDT)
Sam Kottler <skottler@xxxxxxxxxx> escribió:
> Greetings,
>
> Given the deny-by-default nature of security groups I think it makes
> sense to disable firewalld in the AMI's. I haven't seen any other
> AMI's that have a firewall enabled by default and we probably
> shouldn't break that pattern IMO.
>
> Thoughts?

Lets not, for one the image in EC2 is exactly the same image we make
available for download in any and every cloud provider or for use on
your local machine with a suitable local metadata service provider.

use in EC2 is only a portion of the use of the image.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)

iEYEARECAAYFAlIwre4ACgkQkSxm47BaWfd//wCfbqOfJn2M8CKjcHCiLRd+9TsR
YvoAnRDY4/1A5bCONiR+QlVyHIVNyFs0
=3Pzs
-----END PGP SIGNATURE-----
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct


--
Wilbur K. Smith
wilbur.k.smith@xxxxxxxxx

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux