Run it only on the external interfaces. I don't recall the details of why, but there was something that breaks when you run it on internal interfaces, even if you open all the documented ports.
My recollection is somewhat vague, but it had something to do with the discovery process, and one of the services using ephemeral ports, something like that. It was a very subtle issue that you might not always discover right away. But, yes, on the external interface, knock yourself out in terms of enabling firewalld.

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS | kke...@sandiego.edu
Maher Hall, 192 | 5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859 | Text: 760-721-8339

REMEMBER! No one from IT at USD will ever ask to confirm or supply your password. These messages are an attempt to steal your username and password. Please do not reply to, click the links within, or open the attachments of these messages. Delete them!

On Mon, Sep 9, 2019 at 2:48 PM John McCulloch <jo...@pcpcdirect.com> wrote:

> Is it problematic to run firewalld on the xCAT head node? I'm looking for
> some way to curtail the security auditors from continuously probing our
> cluster and sending reports.
>
> John McCulloch | PCPC Direct, Ltd. | desk 713-344-0923
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
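One way to apply the advice in this reply with firewalld zones, as an added example that is not part of the original message or of xCAT: the external NIC goes into a filtering zone and the cluster-facing NICs go into `trusted`, which accepts all traffic. The interface names (`eth0`, `eth1`, `ib0`) and the choice of the `public` zone are assumptions.

```shell
#!/bin/sh
# Added example: filter only the external NIC of the head node with firewalld.
# Assumed names: eth0 faces the campus network, eth1/ib0 face the compute nodes.
# Zone choice is also an assumption: "public" filters, "trusted" accepts everything.

# Print the firewall-cmd calls for one external and any number of internal NICs.
plan_zones() {
    ext_if=$1
    shift
    echo "firewall-cmd --permanent --zone=public --change-interface=$ext_if"
    for int_if in "$@"; do
        # Refuse a plan that would put the same NIC in both zones.
        if [ "$int_if" = "$ext_if" ]; then
            echo "error: $int_if listed as both external and internal" >&2
            return 1
        fi
        echo "firewall-cmd --permanent --zone=trusted --change-interface=$int_if"
    done
    echo "firewall-cmd --reload"
    # Final check: shows which zone each interface actually ended up in.
    echo "firewall-cmd --get-active-zones"
}

# Dry run by default; set APPLY=1 to execute the plan as root.
run_plan() {
    plan=$(plan_zones "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$plan" | while read -r cmd; do $cmd </dev/null || exit 1; done
    else
        echo "$plan"
    fi
}

run_plan eth0 eth1 ib0
```

Review the printed plan first, then rerun with `APPLY=1` from a console session rather than over the external link, so that a mistaken interface name cannot cut off your own access.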