Are you referring to /etc/sysconfig/iptables ? That's where the engine setup configures iptables, when I provision my nodes I select "Don't configure firewall" and let puppet manage my iptables rules for other reasons.. not sure if that was what you're asking

On Tue, Oct 1, 2013 at 11:16 PM, Sven Kieske <S.Kieske@mittwald.de> wrote:

Hi,

we have an test environment with ovirt 3.3 installed on various
hardware nodes.

The management node is installed on an centos 6.4 x64 minimal.

The issue we are running into is, that some ovirt component
keeps resetting the iptables firewall configuration, denying
access to ports 80 and 443, which results in the web interface
being not accessible.

We do know that the engine-setup initially configures the
firewall, but through which scripts does iptables get configured?

Are there some database entries for this?

If you need any logfiles for this, please let me know.

Currently we have disabled iptables, as it's just an test environment.

We read about some "vdsm bootstrap script" (e.g. BZ 893680), may this be
related?

However we didn't find out where this scripts resides.

Also vvyazmin@redhat.com posted in this BZ: "not a bug".

I don't see why you shouldn't be able to ping the hypervisor in the
management lan? this is useful for monitoring and network debugging.

ICMP is no danger at all.

Kind regards

Sven Kieske
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users