Andy, Thank you, this makes sense. Windows firewall does get in a way and it's easier to disable it. It may be a good idea to reflect this in documentation (preparing base image).
Have you considered for VCL to provision a central network firewall? This way it would be OS independent solution which potentially could be easiest to manage and implement... I've also noticed that Ubuntu.pm doesn't set firewall (VCL 2.3). Thanks. -- Dmitri Chebotarov Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging 223 Aquia Building, Ffx, MSN: 1B5 Phone: (703) 993-6175 Fax: (703) 993-3404 On Tuesday, January 22, 2013 at 13:06 , Andy Kurth wrote: > Nothing turns the firewall on if the image was saved with it off. The > thinking was to leave the firewall state intact if the image creator > intended for it to be off. This obviously isn't ideal, but some image > creators may just disable it to get things to work. > > I'd lean to changing the code to always enable it upon image capture and > load. This wouldn't take much work. There are a few gotchas that need to > be checked. For example, if the firewall service is disabled then the > netsh command will fail. > > -Andy > > On Sat, Jan 19, 2013 at 10:39 PM, Dmitri Chebotarov <[email protected] > (mailto:[email protected])>wrote: > > > Hi > > > > I've noticed that firewall on Win7 images is OFF during 'available' and > > 'inuse' states. Is it normal? > > This is what I found out after a closer look. > > > > vcld makes necessary changes to firewall during reservation or reload, but > > doesn't set firewall ON if the firewall was OFF. > > I'm not sure if firewall configuration is part of base image config - i.e. > > set custom firewall rules manually and enable firewall (ON). I couldn't > > find any mentioning of firewall config during base image configuration. > > > > I think expected behavior would be to set firewall ON (netsh advfirewall > > set allprofiles set on) during reload. > > I've added above command (netsh adv…) to Version_6.pm to make sure that > > firewall is always ON regardless of initial firewall status on base image. > > > > Thanks. > > > > -- > > Dmitri Chebotarov > > Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging > > 223 Aquia Building, Ffx, MSN: 1B5 > > Phone: (703) 993-6175 > > Fax: (703) 993-3404 >
