I think that making the firewall configuration automatic is the best
solution. I've updated
http://www.freeipa.org/page/V4/Firewall_Configuration for automatic
configuration unless --no-firewall is passed.
You guys know the user-base better than I do, but I would imagine that
users would benefit by making a FreeIPA installation work properly
with as few arguments as possible.
On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mko...@redhat.com> wrote:
> On 04/10/2014 02:57 AM, Dmitri Pal wrote:
>> On 04/08/2014 02:42 PM, Rob Crittenden wrote:
>>> Justin Brown wrote:
>> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2
> Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I
> would assume that we want to open the firewall ports by default *if* the
> firewalld is running. If firewalld is not running, ipa-server-install would
> detect it via DBUS and just simply print warning and would not configure
> anything and could just maybe spit out iptables configuration as Justin
> mentioned (optional).
Freeipa-devel mailing list