[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] firewalld in atomic host

On 04/21/2017 03:18 PM, Colin Walters wrote:
> On Fri, Apr 21, 2017, at 10:16 AM, Dusty Mabe wrote:
>> NOTE: if you respond to this message please 'reply-all'.
>> I'd like to discuss firewalld on atomic host. 
> I think there here are two cases:
> AH-as-Kube/OpenShift host:  In this I'd turn the conversation around - do
>  Kube/OpenShift want to depend on firewalld?   This has come up before,
>  see https://bugzilla.redhat.com/show_bug.cgi?id=1403331

I'm not sure about kube. One thing we could do is ship firewalld and not enable
it. We don't enable iptables either (at least in our cloud images). Then k8s/openshift
can use whichever one they choose, right? 

> Standalone/"pet" AH: I think that package layering solves
> this today (and other "pet" cases), and ideally we would also provide a container.

Yeah, I just don't think I can honestly recommend people reboot their instance.
Once livefs is here my worries go away and we probably aren't even having this

> Basically I don't have a definitive answer myself, but hopefully at
> least the above bz link is useful.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]