
On Wed, Apr 22, 2020 at 9:21 AM <francesco@shellrent.com> wrote:
Hi all,

I was wondering if it's "safe" to entirely disable the firewalld service and manage the firewall only via iptables, on the host and on the hosted engine (a self-hosted engine). It would make managing the firewall rules a lot easier for me because of the many automations I created based on iptables. Did anyone manage to do this? Are there any contraindications for doing this, or precautions that I have to take?

I didn't try this myself, but last time this was discussed Simone said that it's mandatory to have firewalld enabled and active during the hosted-engine deploy, but that it should be safe to stop/disable it after that, as well as to add new hosts without firewall.

Also, please note that in el8 (which will be the only supported OS for oVirt 4.4), if you do not want to use firewalld, you might have to convert/amend your scripts/conf to use nftables.

Best regards,
--
Didi