<div dir="ltr"><div><div><div><div><div><div>Hello All,<br><br></div>Thanks for the replies.<br><br></div>As far as I can tell with limited experience, Firewalld is supported on both engine-setup and<br></div>when adding a CentOS 7 host.<br></div>I made a first attempt to translate the resulting Firewalld rules to a Shorewall setup; this failed.<br></div>I will look into this further.<br></div>Greetings, J.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-11-01 10:20 GMT+01:00 Yedidyah Bar David <span dir="ltr"><<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <<a href="mailto:jbelka@redhat.com">jbelka@redhat.com</a>> wrote:<br>
>> From: "Johan Vermeulen" <<a href="mailto:jameslast29@gmail.com">jameslast29@gmail.com</a>><br>
>> To: "users" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
>> Sent: Wednesday, October 28, 2015 4:13:49 PM<br>
>> Subject: [ovirt-users] Ovirt and Shorewall<br>
><br>
>> Hello All,<br>
><br>
>> I'm still experimenting with Ovirt-setup.<br>
>> Because CentOS/RHEL 7 now have Firewalld, and because I still have some<br>
>> CentOS 6<br>
>> machines with Iptables, I was kinda hoping to use Shorewall on both.<br>
><br>
>> Is there any support/documentation for this in the Ovirt-world?<br>
><br>
> On RHEL 7, oVirt 3.6 puts vdsm ("hypervisor" host) firewall rules<br>
> as an XML file into the firewalld directory.<br>
><br>
> It is open source; check the engine-setup source and maybe you can propose<br>
> diffs for another fw frontend support.<br>
<br>
</span>engine-setup supports firewalld, and the code is designed to be<br>
extensible so that we can add support for other firewall managers,<br>
even with an external plugin packaged separately. Never tried this<br>
myself, though.<br>
<br>
engine-setup affects only the firewall on the machine running the engine<br>
itself.<br>
<br>
Support for the engine, so that it properly populates the firewall on<br>
the hosts, is a different matter. There is [1] to track this for<br>
firewalld.<br>
<br>
[1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=995362" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=995362</a><br>
<br>
Best,<br>
<span class="HOEnZb"><font color="#888888">--<br>
Didi<br>
</font></span></blockquote></div><br></div>
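The translation discussed in this thread (firewalld XML rules to a Shorewall rules file), as an added example that is not part of the original messages and is not oVirt code. It assumes the XML is in firewalld's service-file format with `<port protocol=... port=...>` elements and that the Shorewall zones are named `net` and `$FW`; the sample service name and ports are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in firewalld's service-file format; the name and ports
# are made up for illustration and are not oVirt's actual rule set.
SAMPLE_SERVICE_XML = """<service>
  <short>example-host</short>
  <description>Constructed sample service</description>
  <port protocol="tcp" port="10001"/>
  <port protocol="tcp" port="20000-20010"/>
  <port protocol="udp" port="10002"/>
</service>
"""

ALLOWED_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}


def _shorewall_port(spec):
    """Validate a firewalld port or range and return Shorewall's form (low:high)."""
    parts = spec.split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported port spec: {spec!r}")
    nums = [int(p) for p in parts]
    if any(n < 1 or n > 65535 for n in nums) or nums != sorted(nums):
        raise ValueError(f"invalid port or range: {spec!r}")
    return ":".join(str(n) for n in nums)


def firewalld_service_to_shorewall(xml_text, source="net", dest="$FW"):
    """Return Shorewall rules-file lines for every <port> in a firewalld service."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    # Collapse whitespace so a crafted <short> cannot inject extra rule lines.
    name = " ".join((root.findtext("short") or "unnamed").split())
    lines = [f"# {name} (converted from firewalld service XML)",
             "#ACTION\tSOURCE\tDEST\tPROTO\tDPORT"]
    for port in root.findall("port"):
        proto = port.get("protocol", "").lower()
        if proto not in ALLOWED_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        dport = _shorewall_port(port.get("port", ""))
        lines.append(f"ACCEPT\t{source}\t{dest}\t{proto}\t{dport}")
    return lines


if __name__ == "__main__":
    print("\n".join(firewalld_service_to_shorewall(SAMPLE_SERVICE_XML)))
```

Review the generated lines before adding them to the Shorewall rules file; the converter rejects anything it cannot validate instead of guessing.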