<div dir="ltr"><div>Thanks!<br></div>So As I undertand it correctly the @CUSTOM_RULES@ will be overridden by engine-config --set IPTablesConfigSiteCustom=""?<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><pre class="moz-signature" cols="72"><span><pre class="moz-signature" cols="72">***********************************************************</pre></span> Dr. Arman Khalatyan eScience -SuperComputing
Leibniz-Institut für Astrophysik Potsdam (AIP)
An der Sternwarte 16, 14482 Potsdam, Germany <br><span><pre class="moz-signature" cols="72">***********************************************************<br></pre></span></pre>
</div></div></div>
<br><div class="gmail_quote">On Wed, Nov 26, 2014 at 11:24 AM, Alon Bar-Lev <span dir="ltr"><<a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You can look within /usr/share/ovirt-engine/dbscripts/upgrade/pre_upgrade/0000_config.sql for last instance of the value you seek (in most cases).<br>
<br>
IPTablesConfig:<br>
---<br>
# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.<br>
*filter<br>
:INPUT ACCEPT [0:0]<br>
:FORWARD ACCEPT [0:0]<br>
:OUTPUT ACCEPT [0:0]<br>
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br>
-A INPUT -p icmp -j ACCEPT<br>
-A INPUT -i lo -j ACCEPT<br>
# vdsm<br>
-A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT<br>
# SSH<br>
-A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT<br>
# snmp<br>
-A INPUT -p udp --dport 161 -j ACCEPT<br>
<br>
@CUSTOM_RULES@<br>
<br>
# Reject any other input traffic<br>
-A INPUT -j REJECT --reject-with icmp-host-prohibited<br>
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited<br>
COMMIT<br>
---<br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Arman Khalatyan" <<a href="mailto:arm2arm@gmail.com">arm2arm@gmail.com</a>><br>
</span><div class="HOEnZb"><div class="h5">> To: "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br>
> Cc: "users" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
> Sent: Wednesday, November 26, 2014 12:17:18 PM<br>
> Subject: Re: [ovirt-users] what should be the output of the default iptables rules?<br>
><br>
> Sorry forgot to mention:<br>
> Centos 6.6 ovirt 3.5.x, glusterfs 3.6.x, Storage type is iscsi<br>
><br>
> ***********************************************************<br>
><br>
> Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für<br>
> Astrophysik Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany<br>
><br>
> ***********************************************************<br>
><br>
><br>
> On Wed, Nov 26, 2014 at 11:13 AM, Alon Bar-Lev <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>> wrote:<br>
><br>
> ><br>
> > What version do you use?<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Arman Khalatyan" <<a href="mailto:arm2arm@gmail.com">arm2arm@gmail.com</a>><br>
> > > To: "users" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
> > > Sent: Wednesday, November 26, 2014 12:00:10 PM<br>
> > > Subject: [ovirt-users] what should be the output of the default<br>
> > iptables rules?<br>
> > ><br>
> > > Hello,<br>
> > > I was playing with custom iptables rules and something went wrong.<br>
> > > Now my engine-config -g IPTablesConfig is empty.<br>
> > ><br>
> > > Can some one please give a hint what should be there??:)<br>
> > ><br>
> > > Thanks,<br>
> > > Arman.<br>
> > ><br>
> > > ***********************************************************<br>
> > > Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für<br>
> > Astrophysik<br>
> > > Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany<br>
> > > ***********************************************************<br>
> > ><br>
> > > _______________________________________________<br>
> > > Users mailing list<br>
> > > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> > > <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
> > ><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>