You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@vcl.apache.org by Dmitri Chebotarov <dc...@gmu.edu> on 2013/01/20 04:39:14 UTC

Firewall

Hi  

I've noticed that firewall on Win7 images is OFF during 'available' and 'inuse' states. Is it normal?
This is what I found out after a closer look.

vcld makes necessary changes to firewall during reservation or reload, but doesn't set firewall ON if the firewall was OFF.
I'm not sure if firewall configuration is part of base image config - i.e. set custom firewall rules manually and enable firewall (ON). I couldn't find any mentioning of firewall config during base image configuration.

I think expected behavior would be to set firewall ON (netsh advfirewall set allprofiles set on) during reload.  
I've added above command (netsh adv…) to Version_6.pm to make sure that firewall is always ON regardless of initial firewall status on base image.

Thanks.  

--
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404

Re: Firewall

Posted by Dmitri Chebotarov <dc...@gmu.edu>.

Andy,  

Thank you, this makes sense. Windows firewall does get in a way and it's easier to disable it.  
It may be a good idea to reflect this in documentation (preparing base image).

Have you considered for VCL to provision a central network firewall? This way it would be OS independent solution which potentially could be easiest to manage and implement...  
I've also noticed that Ubuntu.pm doesn't set firewall (VCL 2.3).  

Thanks.
--
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404


On Tuesday, January 22, 2013 at 13:06 , Andy Kurth wrote:

> Nothing turns the firewall on if the image was saved with it off. The
> thinking was to leave the firewall state intact if the image creator
> intended for it to be off. This obviously isn't ideal, but some image
> creators may just disable it to get things to work.
>  
> I'd lean to changing the code to always enable it upon image capture and
> load. This wouldn't take much work. There are a few gotchas that need to
> be checked. For example, if the firewall service is disabled then the
> netsh command will fail.
>  
> -Andy
>  
> On Sat, Jan 19, 2013 at 10:39 PM, Dmitri Chebotarov <dchebota@gmu.edu (mailto:dchebota@gmu.edu)>wrote:
>  
> > Hi
> >  
> > I've noticed that firewall on Win7 images is OFF during 'available' and
> > 'inuse' states. Is it normal?
> > This is what I found out after a closer look.
> >  
> > vcld makes necessary changes to firewall during reservation or reload, but
> > doesn't set firewall ON if the firewall was OFF.
> > I'm not sure if firewall configuration is part of base image config - i.e.
> > set custom firewall rules manually and enable firewall (ON). I couldn't
> > find any mentioning of firewall config during base image configuration.
> >  
> > I think expected behavior would be to set firewall ON (netsh advfirewall
> > set allprofiles set on) during reload.
> > I've added above command (netsh adv…) to Version_6.pm to make sure that
> > firewall is always ON regardless of initial firewall status on base image.
> >  
> > Thanks.
> >  
> > --
> > Dmitri Chebotarov
> > Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> > 223 Aquia Building, Ffx, MSN: 1B5
> > Phone: (703) 993-6175
> > Fax: (703) 993-3404
>

Re: Firewall

Posted by Andy Kurth <an...@ncsu.edu>.

Nothing turns the firewall on if the image was saved with it off.  The
thinking was to leave the firewall state intact if the image creator
intended for it to be off.  This obviously isn't ideal, but some image
creators may just disable it to get things to work.

I'd lean to changing the code to always enable it upon image capture and
load.  This wouldn't take much work.  There are a few gotchas that need to
be checked.  For example, if the firewall service is disabled then the
netsh command will fail.

-Andy

On Sat, Jan 19, 2013 at 10:39 PM, Dmitri Chebotarov <dc...@gmu.edu>wrote:

> Hi
>
> I've noticed that firewall on Win7 images is OFF during 'available' and
> 'inuse' states. Is it normal?
> This is what I found out after a closer look.
>
> vcld makes necessary changes to firewall during reservation or reload, but
> doesn't set firewall ON if the firewall was OFF.
> I'm not sure if firewall configuration is part of base image config - i.e.
> set custom firewall rules manually and enable firewall (ON). I couldn't
> find any mentioning of firewall config during base image configuration.
>
> I think expected behavior would be to set firewall ON (netsh advfirewall
> set allprofiles set on) during reload.
> I've added above command (netsh adv…) to Version_6.pm to make sure that
> firewall is always ON regardless of initial firewall status on base image.
>
> Thanks.
>
> --
> Dmitri Chebotarov
> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> 223 Aquia Building, Ffx, MSN: 1B5
> Phone: (703) 993-6175
> Fax: (703) 993-3404
>
>
>