5:34 p.m.
--_000_CFEB087021B1Eniklasvireonecom_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Correction of my bad english...
"can iptables be disabled if I never plan to use NAT:d guests?"
--_000_CFEB087021B1Eniklasvireonecom_
Content-Type: text/html; charset="iso-8859-1"
Content-ID: <F768B2C9567EA94C90DB90F44D51612D(a)eurprd04.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Diso-8859-=
1">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Calibri, sans-serif;">
<div>Correction of my bad english…</div>
<span id=3D"OLK_SRC_BODY_SECTION">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-famil=
y: Calibri, sans-serif;">
<div>"can iptables be disabled if I never plan to use NAT:d
guests?&qu=
ot;</div>
<div><br>
</div>
</div>
</span>
</body>
</html>
--_000_CFEB087021B1Eniklasvireonecom_--
5:41 p.m.
New subject: iptables question
Yes it can be disabled, but why not just add the rules you need to
make it work properly?
Are you asking about iptables on the host or the guest? Are you
actually using firewalld, or is it really iptables?
You can add a log statement before the reject rule in
/etc/sysconfig/iptables to log a message to /var/log/messages to show
what is being blocked.
Then you can open those ports that show up in your log as necessary.
For example:
http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-...
HTH
On Tue, Jul 15, 2014 at 10:34 AM, Niklas Fondberg <niklas(a)vireone.com> wrote:
Correction of my bad english...
"can iptables be disabled if I never plan to use NAT:d guests?"
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
6:33 p.m.
New subject: iptables question
Thanks. It is on my centos host which is located deep in my NW.
Regards,
Niklas
On 15 jul 2014, at 16:41, "White Hat"
<whitehat237(a)gmail.com> wrote:
Yes it can be disabled, but why not just add the rules you need to
make it work properly?
Are you asking about iptables on the host or the guest? Are you
actually using firewalld, or is it really iptables?
You can add a log statement before the reject rule in
/etc/sysconfig/iptables to log a message to /var/log/messages to show
what is being blocked.
Then you can open those ports that show up in your log as necessary.
For example:
http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-...
HTH
> On Tue, Jul 15, 2014 at 10:34 AM, Niklas Fondberg <niklas(a)vireone.com> wrote:
> Correction of my bad english...
> "can iptables be disabled if I never plan to use NAT:d guests?"
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
6:43 p.m.
New subject: iptables question
You can modify the IPTablesConfig using engine-config utility to control what goes into
host.
In 3.5.0 you can use the IPTablesConfigSiteCustom in order to push some custom rules
without breaking future upgrades.
----- Original Message -----
From: "Niklas Fondberg" <niklas(a)vireone.com>
To: "White Hat" <whitehat237(a)gmail.com>
Cc: "users" <users(a)ovirt.org>
Sent: Tuesday, July 15, 2014 6:33:15 PM
Subject: Re: [ovirt-users] iptables question
Thanks. It is on my centos host which is located deep in my NW.
Regards,
Niklas
> On 15 jul 2014, at 16:41, "White Hat" <whitehat237(a)gmail.com>
wrote:
>
> Yes it can be disabled, but why not just add the rules you need to
> make it work properly?
>
> Are you asking about iptables on the host or the guest? Are you
> actually using firewalld, or is it really iptables?
>
> You can add a log statement before the reject rule in
> /etc/sysconfig/iptables to log a message to /var/log/messages to show
> what is being blocked.
>
> Then you can open those ports that show up in your log as necessary.
>
> For example:
> http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-...
>
> HTH
>
>> On Tue, Jul 15, 2014 at 10:34 AM, Niklas Fondberg <niklas(a)vireone.com>
>> wrote:
>> Correction of my bad english...
>> "can iptables be disabled if I never plan to use NAT:d guests?"
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3831
days inactive
3831
days old
3 comments
3 participants
participants (3)
-
Alon Bar-Lev -
Niklas Fondberg -
White Hat