Fully agree... anyone up for a PR that would edit the script to avoid firewall rules setup but instead print a descriptive message advising ports 8080, 8443, 8250 and possibly 8096 should be open?

Cheers,

On Fri, 31 Jul 2020 at 10:26, Riepl, Gregor (SWISS TXT) <gregor.ri...@swisstxt.ch> wrote:

> Hi Andrija,
>
> My idea would be to either ensure (in the cloudstack-setup-management) that
> both firewalld/ufw are disabled and continue operating with pure iptables
> OR to not add rules at all, but instead print a message on the
> requirements to open access to ports 8080/8250/9090 with whatever firewall
> management tool the user uses
>
> Supporting many different firewall management tools will be a Herculean
> effort and may still fail when new tools emerge.
> I think it would be ok to drop automatic firewall rule creation and let
> the user manage their own rules instead.
>
> It's always been this way on Debian (and derivatives), and I don't see why
> other distributions should be different.
> Perhaps RHEL/CentOS has handled this differently in the past, and
> firewalld is supposed to solve the distribution fragmentation problem, just
> like systemd did. But there's far less adoption of firewalld than systemd,
> so I don't think it makes sense to try to solve this in CloudStack.
>
> (just my 2¢)
>
> Regards,
> Gregor
>

--
Andrija Panić