On Mon, Feb 26, 2018 at 2:49 PM, Nicolas Ecarnot <nicolas@ecarnot.net> wrote:
Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit :
On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nicolas@ecarnot.net> wrote:
Hello,
On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing since years with engine-config --set IPTablesConfigSiteCustom="blah blah blah".
On my hosts, I can see in my hosts that /etc/sysconfig/iptables does contain the correct custom rules I added, but when manually checking with iptables -L, I don't see my rules active.
On my hosts, I see that the iptables services is stopped and disabled, and that the firewalld service is up and running.
That explains why iptables customization has no effect.
Indeed.
IIRC the type of firewall is now set per cluster or something like that, not sure about the details - adding Ondra.
Per cluster, one can indeed choose the firewall type. I suppose it translates on the hosts into the activation of the adequate service. But how do we add custom rules in case of firewalld type?
On the hosts, I imagine that could translate into changes in : /etc/firewalld/zones/public.xml
Please take a look at below RFE introducing firewalld support for host and blog post to read about new possibilities to customize host-deploy process (which also can be used for custom firewalld rules) in oVirt 4.2: https://bugzilla.redhat.com/show_bug.cgi?id=995362 https://www.ovirt.org/blog/2017/12/host-deploy-customization/
-- Nicolas ECARNOT _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Martin Perina Associate Manager, Software Engineering Red Hat Czech s.r.o.