I question if we need firewalld in atomic. It could be a regular container. Or a system container if we need it running before docker.
No? Not sure who to ask to look at actually doing it. But yes, I think everyone who has software doing automated updating of iptables rules wants something like firewalld...

On Tue, 2017-04-25 at 09:24 -0400, Stephen Milner wrote:
> On Tue, Apr 25, 2017 at 5:31 AM, Fabian Deutsch <fdeut...@redhat.com> wrote:
> > On Tue, Apr 25, 2017 at 5:42 AM, Ben Breard <bbre...@redhat.com> wrote:
> > > I'm starting to warm up to the idea of adding firewalld in Atomic Host. If
> > > we do this, it would be a requirement to clean up the absurd default zones &
> > > policies and have something relevant for AH out of the box.
> >
> > +1
> >
> > for AH, and to play nice with OCP/Kube by default - if used in that
> > use-case.
> >
> > - fabian
>
> I will admit, I do think it is easier to change Atomic Host to have
> firewalld than seemingly everyone else to move back to iptables.
> Adding Russell Teague from the openshift ansible side since he's done
> some firewalld/iptables work in this area.