Re: [ovirt-users] Doubt about iptables host config
On Tue, Oct 3, 2017 at 11:36 AM, Yedidyah Bar David <didi(a)redhat.com> wrote:
I think it should be safe to manually edit /etc/sysconfig/iptables
in that case.
Of course, verify on a test system.
Also, you might be happy to know that in 4.2 we'll support firewalld,
which is much nicer to work with than patching/generating
/etc/sysconfig/iptables.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=995362
OK, thanks. It worked.
Nice to see the news about firewalld.
And if I want to do the same for the engine, that indeed is configured with
firewalld?
Currently on it I see this kind of configuration:
[root@ovmgr1 ~]# firewall-cmd --get-default-zone
public
[root@ovmgr1 ~]#
[root@ovmgr1 ~]# firewall-cmd --get-active-zones
public
interfaces: ens192
[root@ovmgr1 ~]#
It seems nrpe is already an usable predefined service:
[root@ovmgr1 ~]# firewall-cmd --get-services | tr -s ' ' '\n' | grep nrpe
nrpe
[root@ovmgr1 ~]#
So, based on current config, I can add it this way:
firewall-cmd --permanent --add-service=nrpe
firewall-cmd --reload
This way it should survive an engine reboot, but will it survive an
engine-setup command run when updating configuration or when upgrading
between minor/major updates?
Or should I manage also some oVirt managed files on engine?
Thanks,
Gianluca
Attachments:
- attachment.html (text/html — 3.0 KB)