I'd open it by default, if the user asks to configure the firewall. We ask that on host bootstrapping, so one can choose not to let us configure the firewall if he controls his own firewall configuration. On Mar 4, 2016 14:02, "Fabian Deutsch" <[email protected]> wrote:
> Btw. This question is now asked for Node, but it also affects other > hosts which are running Cockpit. > > - faian > > On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <[email protected]> > wrote: > > Hey, > > > > Node Next will ship Cockpit by default. > > > > When the host is getting installed, Cockpit can be reached by default > > over it's port 9090/tcp. > > > > But after the host was added to Engine, Engine/vdsm is setting up it's > > own iptables rules which then prevent further access to Cockpit. > > > > How do we want users to control the access to Cockpit? So where shall > > users be able to open or close the Cockpit firewall port. > > > > Initially I thought that we can open up the cockpit port by default, > > but this might be a security issue. > > (Brute force attacks to crack user passwords through the web interface). > > > > - fabian > > > > -- > Fabian Deutsch <[email protected]> > RHEV Hypervisor > Red Hat > _______________________________________________ > Devel mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/devel > > >
_______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
