It is possible, but we don't have crafted policies ready to go for the services,
and the Linux firewall may have some limitations with respect to some
multicast-related commands that you probably don't use anyway. Depending on the
functionality you use, you could spend a short while or a long while creating
some SELinux policies and also using chcon to manually fix up contexts in some
cases. In short, it should be possible, but we don't have it documented.

It has been a focus to be more firewall and SELinux friendly as confluent comes
along, more carefully documenting rules and limitations, but it can't deploy
operating systems yet (also the web forwarding feature is currently
incompatible with firewall, and discovery bumps into an unfortunate reality
that RELATED,ESTABLISHED does not seem to do a good job of matching unicast
replies to multicast queries (or we've missed something)).

From: Pharthiphan Asokan <paso...@ddn.com>
Sent: Thursday, September 6, 2018 4:06 AM
To: xcat-user@lists.sourceforge.net
Subject: [External] [xcat-user] is it possible to use xCAT having firewall and
selinux on
Hi All,

Is it possible to use xCAT with the firewall and SELinux on, by opening up the
ports which are required by xCAT? By default, it disables the firewall during
installation.

Any thoughts?

Regards,
Pharthiphan
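
The remark in the reply about RELATED,ESTABLISHED and multicast discovery can be seen in a simplified model of UDP connection tracking. This is an added example, not code from the thread, xCAT or confluent; the addresses, ports and the `scoped_rule` workaround are constructed assumptions.

```python
"""Simplified model of netfilter UDP connection tracking (constructed example)."""
from ipaddress import ip_address, ip_network


class Conntrack:
    def __init__(self):
        self.expected = set()  # reply tuples that count as ESTABLISHED

    def outbound(self, src, sport, dst, dport):
        # conntrack records the original tuple and expects its exact inverse:
        # the reply must come FROM the address the query was sent TO.
        self.expected.add((dst, dport, src, sport))

    def state(self, src, sport, dst, dport):
        return "ESTABLISHED" if (src, sport, dst, dport) in self.expected else "NEW"


def input_verdict(ct, pkt, extra_accept=None):
    """INPUT chain: accept ESTABLISHED, then an optional explicit rule, else DROP."""
    if ct.state(*pkt) == "ESTABLISHED":
        return "ACCEPT"
    if extra_accept and extra_accept(pkt):
        return "ACCEPT"
    return "DROP"


# Constructed addresses: management node, one discovered device, multicast group.
MGMT, DEVICE, GROUP = "10.0.0.1", "10.0.0.20", "239.255.255.250"
MGMT_NET = ip_network("10.0.0.0/24")


def scoped_rule(pkt, query_port=40000):
    # Assumed workaround: the discovery client binds a fixed source port, and
    # replies to that port are accepted only from the management subnet.
    src, _sport, dst, dport = pkt
    return ip_address(src) in MGMT_NET and dst == MGMT and dport == query_port


def demo():
    reply = (DEVICE, 1900, MGMT, 40000)  # device answers from its own unicast address
    uni, multi = Conntrack(), Conntrack()
    uni.outbound(MGMT, 40000, DEVICE, 1900)   # unicast query: reply is the inverse tuple
    multi.outbound(MGMT, 40000, GROUP, 1900)  # multicast query: reply source != GROUP
    return {"unicast_query": input_verdict(uni, reply),
            "multicast_query": input_verdict(multi, reply),
            "multicast_query_scoped_rule": input_verdict(multi, reply, scoped_rule)}


if __name__ == "__main__":
    print(demo())
```

The reply to the multicast query is dropped because its source address is the device, not the group the query was sent to, so it never matches the tracked entry.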