[ovirt-users] Doubt about iptables host config

Gianluca Cecchi gianluca.cecchi at gmail.com
Tue Oct 3 08:51:33 UTC 2017


Hello,
I have read this interesting blog post
https://www.ovirt.org/blog/2016/12/extension-iptables-rules-oVirt-hosts/

In my case, to allow incoming connections from the Nagios server to the
Nagios NRPE daemon installed on the hosts, I have run

[root@ovmgr1 ~]# engine-config --set IPTablesConfigSiteCustom='
> -A INPUT -p tcp --dport 5666 -s 10.4.5.99/32 -m comment --comment "Nagios NRPE daemon" -j ACCEPT
> '
[root@ovmgr1 ~]#

and

systemctl restart ovirt-engine


BTW: the link above is missing the final ' (single quote) at the end of the
similar command in the given example

On my running oVirt host (CentOS 7.4), in the meantime, I have run

[g.cecchi@ov300 ~]$ sudo iptables -I INPUT 16 -p tcp --dport 5666 -s 10.4.5.99/32 -m comment --comment "Nagios NRPE daemon" -j ACCEPT

In fact the current "reject-with icmp-host-prohibited" was line 16 and I
have inserted it right before.

So far so good.

I am unsure whether the rule will remain if the host is put into maintenance
and then reactivated, or rebooted.
Or do I anyway have to put a line in some file on the host to set it
persistently?

I wouldn't like to go and reinstall it only to statically set a new
iptables rule.

Thanks,
Gianluca
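
A check for the situation described in the message above, as an added example that is not part of the original post and not oVirt tooling: it reads `iptables -S INPUT` output and reports whether the NRPE ACCEPT rule is present and still sits above the "reject-with icmp-host-prohibited" rule. The function name check_nrpe_rule and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not captured from a real host).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.4.5.99/32 -p tcp -m tcp --dport 5666 -m comment --comment "Nagios NRPE daemon" -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# check_nrpe_rule SOURCE PORT  (hypothetical helper; listing on stdin)
# Rule numbers are counted over "-A INPUT" lines, so they match the
# position argument of `iptables -I INPUT <n>`.
# Exit status: 0 = rule present and evaluated before the REJECT rule
#              1 = rule missing
#              2 = rule present but placed after the REJECT rule (never reached)
check_nrpe_rule() {
    awk -v src="$1" -v port="$2" '
        /^-A INPUT / {
            n++
            # Fixed-string matching, so dots in the address are not wildcards.
            if (!accept && index($0, "-s " src " ") &&
                index($0, "--dport " port " ") && index($0, "-j ACCEPT"))
                accept = n
            if (!reject && index($0, "--reject-with icmp-host-prohibited"))
                reject = n
        }
        END {
            if (!accept) { print "MISSING"; exit 1 }
            if (reject && accept > reject) {
                print "SHADOWED accept=" accept " reject=" reject
                exit 2
            }
            print "OK accept=" accept " reject=" (reject + 0)
        }'
}

# Offline run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | check_nrpe_rule 10.4.5.99/32 5666

# On a host, after reactivation or reboot (requires root):
#   iptables -S INPUT | check_nrpe_rule 10.4.5.99/32 5666
```

A result of MISSING or SHADOWED after a reboot or reactivation means the rule did not survive in a usable position.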