<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 07/01/2015 06:04, Paulo Ricardo Paz
Vital wrote:<br>
</div>
<blockquote
cite="mid:CAFe=of6JR50kiyb8GXj0N5a5tz1kbOmoD5nSwpi=hYsJFP2haw@mail.gmail.com"
type="cite">If you remove the firewall and SELinux commands from
one distro, you have to do the same for all supported distros by
Kimchi. Also, there is a solution to the issue of rules don't be
persistent after a service restart or machine reboot.</blockquote>
<br>
Yeap!<br>
<br>
Ramon, please also check the kimchi.spec.suse.in and add
instructions to setup the firewall correct there too.<br>
You can check README-federation that also contains firewall rules.<br>
<br>
<blockquote
cite="mid:CAFe=of6JR50kiyb8GXj0N5a5tz1kbOmoD5nSwpi=hYsJFP2haw@mail.gmail.com"
type="cite">
<div><span style="line-height:1.5"><br>
</span></div>
<div><span style="line-height:1.5">IMO, all these security code
and tricks can be moved to a new plugin. If the user is
interested to use the project security rules, he/she install
the plugin. </span><br>
</div>
</blockquote>
<br>
We continue installing the firewalld config file. We are just
removing the commands.<br>
As user may change the ports as they want I don't think a plugin
will take a big difference here.<br>
<br>
<blockquote
cite="mid:CAFe=of6JR50kiyb8GXj0N5a5tz1kbOmoD5nSwpi=hYsJFP2haw@mail.gmail.com"
type="cite">
<div><span style="line-height:1.5"><br>
</span></div>
<div><span style="line-height:1.5">That's my 2 cents!</span></div>
<div><span style="line-height:1.5">Paulo Vital.</span></div>
<br>
<div class="gmail_quote">On Tue Jan 06 2015 at 8:42:46 PM Ramon
Medeiros <<a moz-do-not-send="true"
href="mailto:ramonn@linux.vnet.ibm.com">ramonn@linux.vnet.ibm.com</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">On
01/06/2015 04:53 PM, Crístian Viana wrote:<br>
> On 06-01-2015 14:50, Ramon Medeiros wrote:<br>
>> +<br>
>> +Troubleshooting<br>
>> +---------------<br>
><br>
> IMO, this section shouldn't be named "Troubleshooting"
because those<br>
> actions are required in order for Kimchi to work in a
remote client.<br>
> It's not as if the user did something wrong and this
section should<br>
> help them to fix it; this is a required extra step, in my
view.<br>
><br>
>> +Kimchi uses ports 8000, 8001 and 64667. If you are
using firewalld,<br>
>> there is a easy way to add the rules:<br>
> *an* easy way<br>
><br>
> Also, shouldn't this patch remove the firewall commands
from<br>
> contrib/DEBIAN/* as well?<br>
The bug did not claimed for this issue on debian. I will
check.<br>
<br>
--<br>
Ramon Nunes Medeiros<br>
Kimchi Developer<br>
Software Engineer - Linux Technology Center Brazil<br>
IBM Systems & Technology Group<br>
Phone : +55 19 2132 7878<br>
<a moz-do-not-send="true" href="mailto:ramonn@br.ibm.com"
target="_blank">ramonn@br.ibm.com</a><br>
<br>
_______________________________________________<br>
Kimchi-devel mailing list<br>
<a moz-do-not-send="true" href="mailto:Kimchi-devel@ovirt.org"
target="_blank">Kimchi-devel@ovirt.org</a><br>
<a moz-do-not-send="true"
href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel"
target="_blank">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>