Re: [ovirt-users] Hosts firewall custom setup

Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit : > On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nicolas(a)ecarnot.net&gt; > wrote: > >> Hello, >> >> On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing >> since years with engine-config --set IPTablesConfigSiteCustom="blah blah >> blah". >> >> On my hosts, I can see in my hosts that /etc/sysconfig/iptables does >> contain >> the correct custom rules I added, but when manually checking with >> iptables >> -L, I don't see my rules active. >> >> On my hosts, I see that the iptables services is stopped and disabled, >> and >> that the firewalld service is up and running. >> >> That explains why iptables customization has no effect. >> > > Indeed. > > IIRC the type of firewall is now set per cluster or something like that, > not > sure about the details - adding Ondra. > Per cluster, one can indeed choose the firewall type. I suppose it translates on the hosts into the activation of the adequate service. But how do we add custom rules in case of firewalld type? On the hosts, I imagine that could translate into changes in : /etc/firewalld/zones/public.xml

-- Nicolas ECARNOT _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users