[ovirt-users] Hosts firewall custom setup

Hello, On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing since years with engine-config --set IPTablesConfigSiteCustom="blah blah blah". On my hosts, I can see in my hosts that /etc/sysconfig/iptables does contain the correct custom rules I added, but when manually checking with iptables -L, I don't see my rules active. On my hosts, I see that the iptables services is stopped and disabled, and that the firewalld service is up and running. That explains why iptables customization has no effect. In the engine setup, I see that /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf contains : OVESETUP_CONFIG/firewallManager=none:None I'm confused about this setting : when running engine-setup, I'm not sure to understand if answering yes to the question about the firewall will modify the engine, the hosts, or all of them? Actually, I'd like my engine to stay with a disabled firewall, but my hosts with an active one. Is it true to say that this is not an option and I have to answer yes, enable the firewall on the engine, allowing the OVESETUP_CONFIG/firewallManager option to be set up (to firewalld or iptables), thus allowing the spread of this setup towards the hosts? Thank you. -- Nicolas ECARNOT