From what I've noticed /etc/sysconfig/iptables is only touched by ovirt when it does the initial install or upgrade. My iptables rules have been happily running for months..

ICMP returning an error/blocked message believe it's the last line in the iptables config file which ovirt configures in the initial install.

On Wed, Oct 2, 2013 at 5:40 PM, Sven Kieske <S.Kieske@mittwald.de> wrote:

Hi,

no, this is _no_ all in one installation, as was clearly stated in my
first messsage.
I do not try to run VMs on the management node.

Maybe I should rearrange my question:

What is the recommended way of adding additional iptables rules on the
management node? We need to make sure our additional rules do not get
overwritten by ovirt.

Can you just append rules to /etc/sysconfig/iptables
or does this file get overwritten under any circumstances from this
"vdsm bootstrap script" or any other ovirt related component?

Thanks

Sven

On 02/10/13 09:14, Yedidyah Bar David wrote:
> Hi,
>
> ----- Original Message -----
>> From: "Sven Kieske" <S.Kieske@mittwald.de>
>> To: "oVirt Users ML" <users@ovirt.org>
>> Sent: Wednesday, October 2, 2013 9:58:43 AM
>> Subject: Re: [Users] iptables settings/scripts ovirt 3.3
>>
>> Hi,
>>
>> thanks for your answer on list, Russ.
>> But I still don't know which mechanism(s?) do(es)
>> change firewall settings on the oVirt Management Node?
>
> Do you have on the management node also VDSM? The allinone plugin?
> Is that intended? You need it if you want to run VMs on it. VDSM
> manages networking on nodes (hypervisors), which includes the management
> node if you have chosen so during setup.
>
> Regards,
>

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users