[Freeipa-devel] Ipa-server-install Firewall Support
Martin Kosek
mkosek at redhat.com
Wed Apr 16 10:47:04 UTC 2014
On 04/16/2014 09:59 AM, Justin Brown wrote:
> Martin,
>
> I think that making the firewall configuration automatic is the best
> solution. I've updated
> http://www.freeipa.org/page/V4/Firewall_Configuration for automatic
> configuration unless --no-firewall is passed.
>
> You guys know the user-base better than I do, but I would imagine that
> users would benefit by making a FreeIPA installation work properly
> with as few arguments as possible.
>
> Thanks,
> Justin
>
> On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mkosek at redhat.com> wrote:
>> On 04/10/2014 02:57 AM, Dmitri Pal wrote:
>>> On 04/08/2014 02:42 PM, Rob Crittenden wrote:
>>>> Justin Brown wrote:
>> ...
>>> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2
>>> --forwarder=192.168.0.3
>>
>> Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I
>> would assume that we want to open the firewall ports by default *if* the
>> firewalld is running. If firewalld is not running, ipa-server-install would
>> detect it via DBUS and just simply print warning and would not configure
>> anything and could just maybe spit out iptables configuration as Justin
>> mentioned (optional).
>>
>> Martin
Right. The default installation option should fit the most users. Which
automatic configuration of firewall (when it is present) is the one.
Thanks,
Martin
More information about the Freeipa-devel
mailing list