<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Giuseppe Ragusa" <giuseppe.ragusa@hotmail.com><br><b>To: </b>"Yedidyah Bar David" <didi@redhat.com><br><b>Cc: </b>"Users@ovirt.org" <users@ovirt.org><br><b>Sent: </b>Tuesday, March 25, 2014 11:49:36 PM<br><b>Subject: </b>RE: [Users] Otopi pre-seeded answers and firewall settings<br><div><br></div><style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style><div dir="ltr">Hi Didi,<br>many thanks for your invaluable help!<br><div><br></div>I'll try your suggestion (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I will report back.<br><div><br></div>By the way: I have a really custom iptables setup (multiple separated networks on hypervisor hosts), so I suppose it's best to hand tune firewall rules and then leave them alone (I pre-configure them, so the setup procedure won't be impeded in its communication needs anyway AND I will always guarantee the most stringent filtering possible with default deny ecc.).</div></blockquote><div><br></div><div>I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-)</div><div><br></div><div>In hosted-engine we do not support that, it's always set - '<span style="font-family: monospace; font-size: 12px; white-space: pre; background-color: #ffffff;" data-mce-style="font-family: monospace; font-size: 12px; white-space: pre; background-color: #ffffff;">override_iptables=True</span>' in [1].</div><div><br></div><div>You can open a bug if you want, to make this configurable.</div><div><br></div><div>It might make sense to use the value input in the question about iptables, but these are different issues.</div><div><br></div><div>[1] <a href="http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py" data-mce-href="http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py">http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py</a></div><div><span style="font-size: 12pt;">-- </span></div><div><span name="x"></span>Didi<br><span name="x"></span><br></div><style><!--
.ExternalClass .ecxhmmessage P {
padding:0px;
}
.ExternalClass body.ecxhmmessage {
font-size:12pt;
font-family:Calibri;
}
--></style></div></body></html>