Re: [ovirt-users] Question about firewall on hypervisor
On Wed, Apr 5, 2017 at 10:08 AM, Gianluca Cecchi
<gianluca.cecchi(a)gmail.com> wrote:
Suppose I want to disable firewall at already installed hypervisor
side (eg
because I want to setup OVN and currently if I remember correctly it needs
to be disabled for that),
IIUC it does provide firewalld service files, no?
Never tried or read anything about it, I only know this from
reviewing related patches...
https://gerrit.ovirt.org/74021
It does mean you need to disable iptables, enable firewalld, and
handle firewalld on your own (the engine won't help you).
An alternative is to manually find out the ports you need open
and add them to IPTablesConfigSiteCustom. This only affects
hosts during (re)installation.
can I simply disable the related services through
systemctl stop iptables
systemctl disable iptables
systemctl stop firewalld
systemctl disable firewalld
Or is anything else to do at hypervisor and/or engine side?
I don't see anything in web admin gui editing the host, while when I add the
host there is the checkbox "Automatically configure host firewall"....
Indeed.
The engine does not manage the firewall on hosts except during deploy.
See also:
https://www.ovirt.org/blog/2016/12/extension-iptables-rules-oVirt-hosts/
Best,
Thanks,
Gianluca
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Didi