Yeah, we added our own rules with system-config-firewall-tui but somehow ovirt-engine seems to override these custom set values after some time, we couldn't find out until now what keeps changing the iptables, there seems to be some kind of automatic script called "vdsm bootstrap script" which does configure the firewall, but we are not sure this is the reason why the iptables entries for ports 80 and 443 keep vanishing. So I'm asking for information what components of ovirt are capable of changing iptables and in which way do these components do this? Are these components started automatically in any way? I couldn't find anything in the docs related to this, even not in the RedHat docs regarding RHEV. Kind Regards Sven On 01/10/13 16:36, Andrew Lau wrote:
Are you referring to /etc/sysconfig/iptables ? That's where the engine setup configures iptables, when I provision my nodes I select "Don't configure firewall" and let puppet manage my iptables rules for other reasons.. not sure if that was what you're asking