
----- Original Message -----
From: "Alon Bar-Lev" <alonbl@redhat.com>
To: "Chris Adams" <cma@cmadams.net>
Cc: users@ovirt.org
Sent: Monday, November 17, 2014 8:53:25 PM
Subject: Re: [ovirt-users] iptables management
----- Original Message -----
From: "Chris Adams" <cma@cmadams.net>
To: users@ovirt.org
Sent: Monday, November 17, 2014 8:48:59 PM
Subject: [ovirt-users] iptables management
During setup, I allowed the script to change iptables rules. Is this necessary? Also, is it an "active" management (where oVirt will make changes), or just a one-time thing?
Just to clarify - it's a "one-time", per run of engine-setup as Alon explained. The engine does not touch iptables of its machine.
I ask because I have some other iptables setup I want (such as limited SSH access), and I don't want to make changes to iptables that oVirt will override later or anything like that.
I guess you mean engine setup, right? Each time you run engine-setup you will be prompted if you want to override iptables settings. If you choose to override, the current settings will be backed up and you can diff and re-apply your own.
And since recently (will be in 3.6 when it's out) we also try to notify when manual changes were made to iptables since previous engine-setup, see [1].

[1] http://gerrit.ovirt.org/33085
If you choose to keep your settings, setup will write the iptables rules into its own location and you can diff and apply the changes manually.
And also show details on the console at the end of engine-setup.
--
Didi
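
Added example (not part of the original thread, and not oVirt code): a rule-level version of the "diff and re-apply" step the replies describe, comparing the backed-up rules with the rules in place afterwards while ignoring packet counters and comments. Both dumps are constructed samples in iptables-save format, and the function names are hypothetical.

```python
import re

# Packet/byte counters change on every dump, so strip them before comparing.
COUNTERS = re.compile(r"^\[\d+:\d+\]\s*|\s*\[\d+:\d+\]$")

# Constructed sample: rules saved before engine-setup overrode them.
BACKUP = """\
# constructed sample, iptables-save format
*filter
:INPUT ACCEPT [120:9000]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Constructed sample: rules in place afterwards (not real engine-setup output).
CURRENT = """\
*filter
:INPUT ACCEPT [0:0]
[5:300] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(dump):
    """Return [(table, line), ...] in file order, counters and comments removed."""
    table, rules = None, []
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]          # e.g. "*filter" starts the filter table
        else:
            rules.append((table, COUNTERS.sub("", line)))
    return rules

def diff_rules(old_dump, new_dump):
    """Rules only in the old dump (lost) and only in the new dump (introduced)."""
    old, new = parse_rules(old_dump), parse_rules(new_dump)
    return [r for r in old if r not in new], [r for r in new if r not in old]

if __name__ == "__main__":
    lost, introduced = diff_rules(BACKUP, CURRENT)
    for table, rule in lost:
        print(f"- [{table}] {rule}")
    for table, rule in introduced:
        print(f"+ [{table}] {rule}")
```

The comparison is by rule membership only; iptables evaluates rules in order, so a restored rule still has to be re-inserted at the right position in its chain.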