<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 26, 2018 at 2:49 PM, Nicolas Ecarnot <span dir="ltr"><<a href="mailto:nicolas@ecarnot.net" target="_blank">nicolas@ecarnot.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit :<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <<a href="mailto:nicolas@ecarnot.net" target="_blank">nicolas@ecarnot.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hello,<br>
<br>
On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing<br>
since years with engine-config --set IPTablesConfigSiteCustom="blah blah<br>
blah".<br>
<br>
On my hosts, I can see in my hosts that /etc/sysconfig/iptables does contain<br>
the correct custom rules I added, but when manually checking with iptables<br>
-L, I don't see my rules active.<br>
<br>
On my hosts, I see that the iptables services is stopped and disabled, and<br>
that the firewalld service is up and running.<br>
<br>
That explains why iptables customization has no effect.<br>
</blockquote>
<br>
Indeed.<br>
<br>
IIRC the type of firewall is now set per cluster or something like that, not<br>
sure about the details - adding Ondra.<br>
</blockquote>
<br>
Per cluster, one can indeed choose the firewall type.<br>
I suppose it translates on the hosts into the activation of the adequate service.<br>
But how do we add custom rules in case of firewalld type?<br>
<br>
On the hosts, I imagine that could translate into changes in :<br>
/etc/firewalld/zones/public.xm<wbr>l<span class="gmail-HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Please take a look at below RFE introducing firewalld support for host and blog post to read about new possibilities to customize host-deploy process (which also can be used for custom firewalld rules) in oVirt 4.2:<br><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=995362">https://bugzilla.redhat.com/show_bug.cgi?id=995362</a><br><a href="https://www.ovirt.org/blog/2017/12/host-deploy-customization/">https://www.ovirt.org/blog/2017/12/host-deploy-customization/</a></div> <br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-HOEnZb"><font color="#888888">
<br>
-- <br>
Nicolas ECARNOT<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</div></div>