[Kimchi-devel] [PATCH] Issue #456: Firewall ports are not open after firewall restart

Ramon Medeiros ramonn at linux.vnet.ibm.com
Fri Jan 9 12:03:10 UTC 2015 

On 01/08/2015 05:19 PM, Aline Manera wrote:
>
> On 07/01/2015 06:04, Paulo Ricardo Paz Vital wrote:
>> If you remove the firewall and SELinux commands from one distro, you 
>> have to do the same for all supported distros by Kimchi. Also, there 
>> is a solution to the issue of rules don't be persistent after a 
>> service restart or machine reboot.
>
> Yeap!
>
> Ramon, please also check the kimchi.spec.suse.in and add instructions 
> to setup the firewall correct there too.
> You can check README-federation that also contains firewall rules.
we don't have any firewall change in suse spec. So, the changes will 
only happen on fedora and debian.
>
>>
>> IMO, all these security code and tricks can be moved to a new plugin. 
>> If the user is interested to use the project security rules, he/she 
>> install the plugin.
>
> We continue installing the firewalld config file. We are just removing 
> the commands.
> As user may change the ports as they want I don't think a plugin will 
> take a big difference here.
>
>>
>> That's my 2 cents!
>> Paulo Vital.
>>
>> On Tue Jan 06 2015 at 8:42:46 PM Ramon Medeiros 
>> <ramonn at linux.vnet.ibm.com <mailto:ramonn at linux.vnet.ibm.com>> wrote:
>>
>>     On 01/06/2015 04:53 PM, Crístian Viana wrote:
>>     > On 06-01-2015 14:50, Ramon Medeiros wrote:
>>     >> +
>>     >> +Troubleshooting
>>     >> +---------------
>>     >
>>     > IMO, this section shouldn't be named "Troubleshooting" because
>>     those
>>     > actions are required in order for Kimchi to work in a remote
>>     client.
>>     > It's not as if the user did something wrong and this section should
>>     > help them to fix it; this is a required extra step, in my view.
>>     >
>>     >> +Kimchi uses ports 8000, 8001 and 64667. If you are using
>>     firewalld,
>>     >> there is a easy way to add the rules:
>>     > *an* easy way
>>     >
>>     > Also, shouldn't this patch remove the firewall commands from
>>     > contrib/DEBIAN/* as well?
>>     The bug did not claimed for this issue on debian. I will check.
>>
>>     --
>>     Ramon Nunes Medeiros
>>     Kimchi Developer
>>     Software Engineer - Linux Technology Center Brazil
>>     IBM Systems & Technology Group
>>     Phone : +55 19 2132 7878
>>     ramonn at br.ibm.com <mailto:ramonn at br.ibm.com>
>>
>>     _______________________________________________
>>     Kimchi-devel mailing list
>>     Kimchi-devel at ovirt.org <mailto:Kimchi-devel at ovirt.org>
>>     http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>>
>>
>>
>> _______________________________________________
>> Kimchi-devel mailing list
>> Kimchi-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>


-- 
Ramon Nunes Medeiros
Kimchi Developer
Software Engineer - Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn at br.ibm.com

More information about the Kimchi-devel mailing list