[Freeipa-devel] Ipa-server-install Firewall Support

Simo Sorce simo at redhat.com
Wed Apr 16 13:47:16 UTC 2014


On Wed, 2014-04-16 at 02:59 -0500, Justin Brown wrote:
> Martin,
> 
> I think that making the firewall configuration automatic is the best
> solution. I've updated
> http://www.freeipa.org/page/V4/Firewall_Configuration for automatic
> configuration unless --no-firewall is passed.
> 
> You guys know the user-base better than I do, but I would imagine that
> users would benefit by making a FreeIPA installation work properly
> with as few arguments as possible.

+1

Simo.

> Thanks,
> Justin
> 
> On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mkosek at redhat.com> wrote:
> > On 04/10/2014 02:57 AM, Dmitri Pal wrote:
> >> On 04/08/2014 02:42 PM, Rob Crittenden wrote:
> >>> Justin Brown wrote:
> > ...
> >> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2
> >> --forwarder=192.168.0.3
> >
> > Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I
> > would assume that we want to open the firewall ports by default *if* the
> > firewalld is running. If firewalld is not running, ipa-server-install would
> > detect it via DBUS and just simply print warning and would not configure
> > anything and could just maybe spit out iptables configuration as Justin
> > mentioned (optional).
> >
> > Martin
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list