Martin, I think that making the firewall configuration automatic is the best solution. I've updated http://www.freeipa.org/page/V4/Firewall_Configuration for automatic configuration unless --no-firewall is passed.
You guys know the user-base better than I do, but I would imagine that users would benefit by making a FreeIPA installation work properly with as few arguments as possible. Thanks, Justin On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mko...@redhat.com> wrote: > On 04/10/2014 02:57 AM, Dmitri Pal wrote: >> On 04/08/2014 02:42 PM, Rob Crittenden wrote: >>> Justin Brown wrote: > ... >> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2 >> --forwarder=192.168.0.3 > > Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I > would assume that we want to open the firewall ports by default *if* the > firewalld is running. If firewalld is not running, ipa-server-install would > detect it via DBUS and just simply print warning and would not configure > anything and could just maybe spit out iptables configuration as Justin > mentioned (optional). > > Martin _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel