Hi,

On Thu, Apr 01, Dario Faggioli wrote:
On Wed, 2021-03-31 at 18:42 -0600, Paul Graham wrote:
Anyway, I may have missed how to install "firewalld", but, the best I can tell, there is no "firewalld" package that I can install.
Suggestions?
Mmm... Maybe it's not in the iso?
Most likely.
Point is, why do you need the firewall on the host, and are you sure it will work well? I'm not a networking expert, but you'll have containers there that need to control iptables to work. Then the firewall will try to do the same and there may be issues.
podman is using the firewalld-cmd to set the rules, that's not the problem. But changes to firewall rules can flush the rules set by podman, and this will kill your container network. The use-case for a firewall isn't clear to me here, too: MicroOS as container host has exactly one open port: sshd. If you don't want that: stop the service. Else you have to explicitly export ports of containers to be visible outside. If you want that, then you need to do that always twice: for podman and for the firewall. So the only use-case I see is if you accidentally export ports to containers. But in the same way you could accidentally open ports in the firewall.

Thorsten
For now, I am going to try things out without firewalld installed at install time and see if I can install it after the fact.
Installing after the fact should work.
I did that, as an experiment, and it seemed to work fine. It was on a MicroOS Desktop system, but that should not make too big of a difference, at least for what concerns installing and running it.
About the conflict over iptables mentioned above, well, I've run firewalld on this MicroOS desktop box for a while and was using toolbox (which is a podman container) intensively and had no issues. But I genuinely don't know whether that would be the same on a proper container host system.
Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
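
The point raised in the thread, that a port published by podman also has to be opened in firewalld, can be checked mechanically. The script below is an added example and not part of any message in the thread; it assumes the output shapes of `podman port -a` and `firewall-cmd --list-ports`, uses hypothetical function names, and runs on constructed sample data.

```shell
#!/bin/sh
# Added example: list ports published by podman that firewalld does not open.
# Assumed input shapes: `podman port -a` and `firewall-cmd --list-ports`.
# Only explicit port entries are compared; firewalld services are not expanded.

# Constructed sample: "<id> <ctr-port>/<proto> -> <host-addr>:<host-port>"
SAMPLE_PODMAN='3f2a9c1d7e4b 80/tcp -> 0.0.0.0:8080
3f2a9c1d7e4b 443/tcp -> 0.0.0.0:8443
a81b0c22d9f0 53/udp -> 127.0.0.1:5353'

# Constructed sample: space-separated entries, ranges allowed
SAMPLE_FIREWALLD='8000-8100/tcp 22/tcp'

# Print "hostport/proto" for every mapping bound to a non-loopback address.
published_ports() {
    printf '%s\n' "$1" | awk '
        $3 == "->" {
            split($2, c, "/")          # c[2] is the protocol
            n = split($4, h, ":")      # h[n] is the host port
            addr = substr($4, 1, length($4) - length(h[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print h[n] "/" c[2]
        }' | sort -u
}

# Succeed if "port/proto" ($1) is covered by the firewalld port list ($2).
is_open() {
    port=${1%/*}; proto=${1#*/}
    for entry in $2; do
        [ "${entry#*/}" = "$proto" ] || continue
        range=${entry%/*}
        lo=${range%-*}; hi=${range#*-}   # a single port gives lo = hi
        [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0
    done
    return 1
}

# Print published ports that the firewalld list does not cover.
unopened_ports() {
    for p in $(published_ports "$1"); do
        is_open "$p" "$2" || printf '%s\n' "$p"
    done
}

# On a live host (assumes both tools are installed):
#   unopened_ports "$(podman port -a)" "$(firewall-cmd --list-ports)"
unopened_ports "$SAMPLE_PODMAN" "$SAMPLE_FIREWALLD"
```

Mappings bound to loopback are skipped because they are not reachable from outside the host regardless of firewall state.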