On Fri, Mar 4, 2016 at 1:24 PM, Oved Ourfali <[email protected]> wrote: > I'd open it by default, if the user asks to configure the firewall. > We ask that on host bootstrapping, so one can choose not to let us configure > the firewall if he controls his own firewall configuration.
True - we can couple it with that decision when adding a host. https://bugzilla.redhat.com/show_bug.cgi?id=1314781 - fabian > On Mar 4, 2016 14:02, "Fabian Deutsch" <[email protected]> wrote: >> >> Btw. This question is now asked for Node, but it also affects other >> hosts which are running Cockpit. >> >> - faian >> >> On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <[email protected]> >> wrote: >> > Hey, >> > >> > Node Next will ship Cockpit by default. >> > >> > When the host is getting installed, Cockpit can be reached by default >> > over it's port 9090/tcp. >> > >> > But after the host was added to Engine, Engine/vdsm is setting up it's >> > own iptables rules which then prevent further access to Cockpit. >> > >> > How do we want users to control the access to Cockpit? So where shall >> > users be able to open or close the Cockpit firewall port. >> > >> > Initially I thought that we can open up the cockpit port by default, >> > but this might be a security issue. >> > (Brute force attacks to crack user passwords through the web interface). >> > >> > - fabian >> >> >> >> -- >> Fabian Deutsch <[email protected]> >> RHEV Hypervisor >> Red Hat >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/devel >> >> > -- Fabian Deutsch <[email protected]> RHEV Hypervisor Red Hat _______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
