[ovirt-users] Re: Safely disable firewalld [Ovirt 4.3]
On Wed, Apr 22, 2020 at 12:23 PM Michaƫl Couren <couren(a)abes.fr> wrote:
>
> Also, please note that in el8 (which will be the only supported OS for
> oVirt 4.4), if you do not want to use firewalld, might have to
> convert/amend your scripts/conf to use nftables.
>
> Best regards,
> --
> Didi
Hi, I'm still using iptables on CentOS8-stream but not sure if it uses nftables or
the "old" good netfilter
in the backend.
Didn't play yet at all with either nftables or EL8's iptables. Only
recently realized it's indeed included:
https://gerrit.ovirt.org/108265
(Debian 10 documentation seems more precise on this point)
By the way I don't use it on oVirt nodes just on VMs... Just saying it is possible.
Yes, saw that too. Also that on a firewalld managed EL8 machine,
'iptables-save' says:
# Generated by xtables-save v1.8.2 on Wed Apr 22 12:50:13 2020
...
# Completed on Wed Apr 22 12:50:13 2020
# Table `firewalld' is incompatible, use 'nft' tool.
So this tells me, without learning nft, to be careful...
Thanks!
--
Didi