NFS firewall rule

How do I make it that when ever I add or reinstall a hardware node that oVirt creates a rule for NFS, port 2049? I have to either add it manually after ovirt removes it, or just tell ovirt not to touch firewall rules. Our ISO domain is not hosted by the ovirt-engine, fyi. ovirt-engine-3.6.3.4-1.el7.centos.noarch

On Fri, Mar 18, 2016 at 2:03 AM, Bill James <bill.james@j2.com> wrote:
How do I make it that when ever I add or reinstall a hardware node that oVirt creates a rule for NFS, port 2049?
Search for 'IPTablesConfigSiteCustom'. Best,
I have to either add it manually after ovirt removes it, or just tell ovirt not to touch firewall rules. Our ISO domain is not hosted by the ovirt-engine, fyi.
ovirt-engine-3.6.3.4-1.el7.centos.noarch
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi

I thought NFS was pretty standard in use on ovirt systems. Why does it take a custom setup to enable NFS in firewall rule? https://bugzilla.redhat.com/show_bug.cgi?id=1111513 added: engine-config --set IPTablesConfigSiteCustom="-A INPUT -p tcp -m multiport --dports 2049 -j ACCEPT" Thanks. On 03/19/2016 11:29 PM, Yedidyah Bar David wrote:
On Fri, Mar 18, 2016 at 2:03 AM, Bill James <bill.james@j2.com> wrote:
How do I make it that when ever I add or reinstall a hardware node that oVirt creates a rule for NFS, port 2049? Search for 'IPTablesConfigSiteCustom'.
Best,
I have to either add it manually after ovirt removes it, or just tell ovirt not to touch firewall rules. Our ISO domain is not hosted by the ovirt-engine, fyi.
ovirt-engine-3.6.3.4-1.el7.centos.noarch
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.

On Tue, Mar 22, 2016 at 6:12 PM, Bill James <bill.james@j2.com> wrote:
I thought NFS was pretty standard in use on ovirt systems.
I guess it's very common on hosts as a client, not sure about server. I guess most setups use separate machines to host VMs and for storage.
Why does it take a custom setup to enable NFS in firewall rule?
The default rules open only, AFAIU, mandatory stuff - ports for vdsm communication, remote consoles, etc. Best,
https://bugzilla.redhat.com/show_bug.cgi?id=1111513
added: engine-config --set IPTablesConfigSiteCustom="-A INPUT -p tcp -m multiport --dports 2049 -j ACCEPT"
Thanks.
On 03/19/2016 11:29 PM, Yedidyah Bar David wrote:
On Fri, Mar 18, 2016 at 2:03 AM, Bill James <bill.james@j2.com> wrote:
How do I make it that when ever I add or reinstall a hardware node that oVirt creates a rule for NFS, port 2049?
Search for 'IPTablesConfigSiteCustom'.
Best,
I have to either add it manually after ovirt removes it, or just tell ovirt not to touch firewall rules. Our ISO domain is not hosted by the ovirt-engine, fyi.
ovirt-engine-3.6.3.4-1.el7.centos.noarch
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Cloud Services for Business www.j2.com j2 | eFax | eVoice | FuseMail | Campaigner | KeepItSafe | Onebox
This email, its contents and attachments contain information from j2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies. (c) 2015 j2 Global, Inc. All rights reserved. eFax, eVoice, Campaigner, FuseMail, KeepItSafe, and Onebox are registered trademarks of j2 Global, Inc. and its affiliates.
-- Didi
participants (2)
-
Bill James
-
Yedidyah Bar David