On 07/14/2014 10:20 AM, Petr Spacek wrote: > On 12.7.2014 08:40, James wrote: >> Hi freeipa-devel, >> >> I just added automatic firewalling for puppet-ipa. (Disclaimer it's >> currently untested...) >> >> What I'm missing is an exact and exhaustive list of exactly which ports >> each replica needs open for each other replica. I'm hoping that this >> list is symmetrical. > > AFAIK ipa-replica-conncheck utility and ipa-server-install script should show > list of required ports. >
The ipa-replica-conncheck list is a good start, but it does not for example show ports of optional services, like DNS. You need to figure these out based on installed optional services. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
