#113: Ship with firewall on by default -----------------------+--------------------- Reporter: dustymabe | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: --- | Resolution: Keywords: meeting | -----------------------+---------------------
Comment (by ryansb):
Agreed, the target use cases (GCE, EC2, OpenStack, whatever) all have network security external to the instance. Anyone who needs the firewall active can, as you said, use cloud-init or chef/puppet/ansible/salt.
For casual cloud users, having an instance firewall deny them after they've set up security groups to allow the traffic would probably be confusing if they assume security groups "are" the firewall.