Actions
Cleanup #50375
closedcephadm firewall: move to unit.run?
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
Right now, firewall ports are opened when deploying a unit.
We should investigate, if the firewall could be configured within the unit.run file. And also close the again when stopping the unit.
Benefits:
- we're not leaving ports open when undeploying daemons
- slightly faster deployment of units
- increased security as we're not opening ports without actually using them.
Is this doable and worthwile?
Actions