On 26/02/2018 at 14:03, Yedidyah Bar David wrote:
On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot
<nicolas(a)ecarnot.net> wrote:
> Hello,
>
> On oVirt 4.2.1.7, I'm trying to set up custom iptables rules as I have been
> doing for years with engine-config --set IPTablesConfigSiteCustom="blah blah
> blah".
>
> On my hosts, I can see that /etc/sysconfig/iptables does contain
> the correct custom rules I added, but when manually checking with iptables
> -L, I don't see my rules active.
>
> On my hosts, I see that the iptables service is stopped and disabled, and
> that the firewalld service is up and running.
>
> That explains why iptables customization has no effect.
Indeed.
IIRC the type of firewall is now set per cluster or something like that, not
sure about the details - adding Ondra.
Per cluster, one can indeed choose the firewall type.
I suppose it translates on the hosts into the activation of the adequate
service.
But how do we add custom rules in case of firewalld type?
On the hosts, I imagine that could translate into changes in:
/etc/firewalld/zones/public.xml
--
Nicolas ECARNOT