<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">From what I've noticed /etc/sysconfig/iptables is only touched by ovirt when it does the initial install or upgrade. My iptables rules have been happily running for months..</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">ICMP returning an error/blocked message believe it's the last line in the iptables config file which ovirt configures in the initial install.</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_extra"><div class="gmail_quote">On Wed, Oct 2, 2013 at 5:40 PM, Sven Kieske <span dir="ltr"><<a href="mailto:S.Kieske@mittwald.de" target="_blank">S.Kieske@mittwald.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
no, this is _no_ all in one installation, as was clearly stated in my<br>
first messsage.<br>
I do not try to run VMs on the management node.<br>
<br>
Maybe I should rearrange my question:<br>
<br>
What is the recommended way of adding additional iptables rules on the<br>
management node? We need to make sure our additional rules do not get<br>
overwritten by ovirt.<br>
<br>
Can you just append rules to /etc/sysconfig/iptables<br>
or does this file get overwritten under any circumstances from this<br>
"vdsm bootstrap script" or any other ovirt related component?<br>
<br>
Thanks<br>
<span><font color="#888888"><br>
Sven<br>
</font></span><div><br>
<br>
<br>
<br>
On 02/10/13 09:14, Yedidyah Bar David wrote:<br>
> Hi,<br>
><br>
> ----- Original Message -----<br>
>> From: "Sven Kieske" <<a href="mailto:S.Kieske@mittwald.de" target="_blank">S.Kieske@mittwald.de</a>><br>
>> To: "oVirt Users ML" <<a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br>
>> Sent: Wednesday, October 2, 2013 9:58:43 AM<br>
>> Subject: Re: [Users] iptables settings/scripts ovirt 3.3<br>
>><br>
>> Hi,<br>
>><br>
>> thanks for your answer on list, Russ.<br>
>> But I still don't know which mechanism(s?) do(es)<br>
>> change firewall settings on the oVirt Management Node?<br>
><br>
> Do you have on the management node also VDSM? The allinone plugin?<br>
> Is that intended? You need it if you want to run VMs on it. VDSM<br>
> manages networking on nodes (hypervisors), which includes the management<br>
> node if you have chosen so during setup.<br>
><br>
> Regards,<br>
><br>
</div><div><div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div></div>