[Freeipa-devel] Ipa-server-install Firewall Support

Justin Brown justin.brown at fandingo.org
Wed Apr 16 07:59:09 UTC 2014


Martin,

I think that making the firewall configuration automatic is the best
solution. I've updated
http://www.freeipa.org/page/V4/Firewall_Configuration for automatic
configuration unless --no-firewall is passed.

You guys know the user-base better than I do, but I would imagine that
users would benefit by making a FreeIPA installation work properly
with as few arguments as possible.

Thanks,
Justin

On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mkosek at redhat.com> wrote:
> On 04/10/2014 02:57 AM, Dmitri Pal wrote:
>> On 04/08/2014 02:42 PM, Rob Crittenden wrote:
>>> Justin Brown wrote:
> ...
>> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2
>> --forwarder=192.168.0.3
>
> Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I
> would assume that we want to open the firewall ports by default *if* the
> firewalld is running. If firewalld is not running, ipa-server-install would
> detect it via DBUS and just simply print warning and would not configure
> anything and could just maybe spit out iptables configuration as Justin
> mentioned (optional).
>
> Martin




More information about the Freeipa-devel mailing list