<p dir="ltr">I'd open it by default, if the user asks to configure the firewall. <br>
We ask that on host bootstrapping, so one can choose not to let us configure the firewall if he controls his own firewall configuration. <br>
</p>
<div class="gmail_quote">On Mar 4, 2016 14:02, "Fabian Deutsch" <<a href="mailto:fdeutsch@redhat.com">fdeutsch@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Btw. This question is now asked for Node, but it also affects other<br>
hosts which are running Cockpit.<br>
<br>
- fabian<br>
<br>
On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <<a href="mailto:fdeutsch@redhat.com">fdeutsch@redhat.com</a>> wrote:<br>
> Hey,<br>
><br>
> Node Next will ship Cockpit by default.<br>
><br>
> When the host is getting installed, Cockpit can be reached by default<br>
> over its port 9090/tcp.<br>
><br>
> But after the host was added to Engine, Engine/vdsm is setting up its<br>
> own iptables rules which then prevent further access to Cockpit.<br>
><br>
> How do we want users to control the access to Cockpit? So where shall<br>
> users be able to open or close the Cockpit firewall port?<br>
><br>
> Initially I thought that we can open up the cockpit port by default,<br>
> but this might be a security issue.<br>
> (Brute force attacks to crack user passwords through the web interface).<br>
><br>
> - fabian<br>
<br>
<br>
<br>
--<br>
Fabian Deutsch <<a href="mailto:fdeutsch@redhat.com">fdeutsch@redhat.com</a>><br>
RHEV Hypervisor<br>
Red Hat<br>
</blockquote></div>