On Wed, Apr 22, 2020 at 9:21 AM <francesco(a)shellrent.com> wrote:
> Hi all,
> I was wondering if it's "safe" to entirely disable the firewalld service and
> manage the firewall only via iptables, on the host and on the hosted engine (a self-hosted
> engine). It would make managing the firewall rules a lot easier for me because of the many
> automatisms I created based on iptables. Did anyone manage to do this? Any
> contraindications for doing this, or precautions that I have to take?

I didn't try this myself, but last time this was discussed Simone said
that it's mandatory to have firewalld enabled and active during the
hosted-engine deploy, but that it should be safe to stop/disable after
that, as well as add new hosts without firewall.
Also, please note that in el8 (which will be the only supported OS for
oVirt 4.4), if you do not want to use firewalld, you might have to
convert/amend your scripts/conf to use nftables.
Best regards,
--
Didi