Eric Garver
Eric Garver
> > Is this acceptable for foreman users? Foreman team is the best to answer that, IMO. > > Hard to say. In the documentation we have never pointed to...
> The thing that got this whole ball rolling was that we were looking at using these definitions and realized they're not really correct. In that case, lets fix them....
> I'll discuss this in our team again and try to come up with a plan ACK. I'll wait on your response then.
> ourselves would be more flexible and allows us to keep it correcy for multiple versions That's cool. So what do we want to do with existing foreman/satellite/etc services that...
> > ourselves would be more flexible and allows us to keep it correcy for multiple versions > > That's cool. So what do we want to do with existing...
> I believe where we have landed is to remove Satellite/Foreman from being included in firewalld. @erig0 is that a change we should open a PR for? Yeah. It's technically...
Then open a PR dropping them. I will merge it.
Hrm. When using the `nftables` backend are there iptables rules installed by other entities? Check with `iptables-save`. It's possible the packets are dropped in `iptables` long before they're seen by...
> I assumed that outgoing connections are always allowed, is this assumption correct? Yes. That's correct.
See #1093. @ekohl, please take a look at this PR.