Martin,

I think that making the firewall configuration automatic is the best
solution. I've updated
http://www.freeipa.org/page/V4/Firewall_Configuration for automatic
configuration unless --no-firewall is passed.

You guys know the user-base better than I do, but I would imagine that
users would benefit by making a FreeIPA installation work properly
with as few arguments as possible.

Thanks,
Justin

On Thu, Apr 10, 2014 at 1:48 AM, Martin Kosek <mko...@redhat.com> wrote:
> On 04/10/2014 02:57 AM, Dmitri Pal wrote:
>> On 04/08/2014 02:42 PM, Rob Crittenden wrote:
>>> Justin Brown wrote:
> ...
>> b) Example: freeipa-server-install --setup-dns --forwarder=192.168.0.2
>> --forwarder=192.168.0.3
>
> Let's talk about CLI. Shouldn't we add just one option - "--no-firewall"? I
> would assume that we want to open the firewall ports by default *if* the
> firewalld is running. If firewalld is not running, ipa-server-install would
> detect it via DBUS and just simply print warning and would not configure
> anything and could just maybe spit out iptables configuration as Justin
> mentioned (optional).
>
> Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to