Question about firewall on hypervisor

Suppose I want to disable firewall at already installed hypervisor side (eg because I want to setup OVN and currently if I remember correctly it needs to be disabled for that), can I simply disable the related services through systemctl stop iptables systemctl disable iptables systemctl stop firewalld systemctl disable firewalld Or is anything else to do at hypervisor and/or engine side? I don't see anything in web admin gui editing the host, while when I add the host there is the checkbox "Automatically configure host firewall".... Thanks, Gianluca

On Wed, Apr 5, 2017 at 10:08 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Suppose I want to disable firewall at already installed hypervisor side (eg because I want to setup OVN and currently if I remember correctly it needs to be disabled for that),
IIUC it does provide firewalld service files, no? Never tried or read anything about it, I only know this from reviewing related patches... https://gerrit.ovirt.org/74021 It does mean you need to disable iptables, enable firewalld, and handle firewalld on your own (the engine won't help you). An alternative is to manually find out the ports you need open and add them to IPTablesConfigSiteCustom. This only affects hosts during (re)installation.
can I simply disable the related services through
systemctl stop iptables systemctl disable iptables
systemctl stop firewalld systemctl disable firewalld
Or is anything else to do at hypervisor and/or engine side? I don't see anything in web admin gui editing the host, while when I add the host there is the checkbox "Automatically configure host firewall"....
Indeed. The engine does not manage the firewall on hosts except during deploy. See also: https://www.ovirt.org/blog/2016/12/extension-iptables-rules-oVirt-hosts/ Best,
Thanks, Gianluca
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
participants (2)
-
Gianluca Cecchi
-
Yedidyah Bar David