[Kimchi-devel] [PATCH] Issue #456: Firewall ports are not open after firewall restart

Aline Manera alinefm at linux.vnet.ibm.com
Thu Jan 8 19:19:47 UTC 2015 

On 07/01/2015 06:04, Paulo Ricardo Paz Vital wrote:
> If you remove the firewall and SELinux commands from one distro, you 
> have to do the same for all supported distros by Kimchi. Also, there 
> is a solution to the issue of rules don't be persistent after a 
> service restart or machine reboot.

Yeap!

Ramon, please also check the kimchi.spec.suse.in and add instructions to 
setup the firewall correct there too.
You can check README-federation that also contains firewall rules.

>
> IMO, all these security code and tricks can be moved to a new plugin. 
> If the user is interested to use the project security rules, he/she 
> install the plugin.

We continue installing the firewalld config file. We are just removing 
the commands.
As user may change the ports as they want I don't think a plugin will 
take a big difference here.

>
> That's my 2 cents!
> Paulo Vital.
>
> On Tue Jan 06 2015 at 8:42:46 PM Ramon Medeiros 
> <ramonn at linux.vnet.ibm.com <mailto:ramonn at linux.vnet.ibm.com>> wrote:
>
>     On 01/06/2015 04:53 PM, Crístian Viana wrote:
>     > On 06-01-2015 14:50, Ramon Medeiros wrote:
>     >> +
>     >> +Troubleshooting
>     >> +---------------
>     >
>     > IMO, this section shouldn't be named "Troubleshooting" because those
>     > actions are required in order for Kimchi to work in a remote client.
>     > It's not as if the user did something wrong and this section should
>     > help them to fix it; this is a required extra step, in my view.
>     >
>     >> +Kimchi uses ports 8000, 8001 and 64667. If you are using
>     firewalld,
>     >> there is a easy way to add the rules:
>     > *an* easy way
>     >
>     > Also, shouldn't this patch remove the firewall commands from
>     > contrib/DEBIAN/* as well?
>     The bug did not claimed for this issue on debian. I will check.
>
>     --
>     Ramon Nunes Medeiros
>     Kimchi Developer
>     Software Engineer - Linux Technology Center Brazil
>     IBM Systems & Technology Group
>     Phone : +55 19 2132 7878
>     ramonn at br.ibm.com <mailto:ramonn at br.ibm.com>
>
>     _______________________________________________
>     Kimchi-devel mailing list
>     Kimchi-devel at ovirt.org <mailto:Kimchi-devel at ovirt.org>
>     http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20150108/184f399d/attachment.html>

More information about the Kimchi-devel mailing list