Hi Andrija,

My idea would be to either ensure (in the cloudstack-setup-management) that both firewalld/ufw are disabled and continue operating with pure iptables OR to not add rules at all, but instead print a message on the requirements to open access to ports 8080/8250/9090 with whatever firewall management tool the user uses.

Supporting many different firewall management tools will be a Herculean effort and may still fail when new tools emerge. I think it would be ok to drop automatic firewall rule creation and let the user manage their own rules instead. It's always been this way on Debian (and derivatives), and I don't see why other distributions should be different.

Perhaps RHEL/CentOS has handled this differently in the past, and firewalld is supposed to solve the distribution fragmentation problem, just like systemd did. But there's far less adoption of firewalld than systemd, so I don't think it makes sense to try to solve this in CloudStack.

(just my 2¢)

Regards,
Gregor