[ovirt-users] iptables management

Yedidyah Bar David didi at redhat.com
Tue Nov 18 01:47:39 EST 2014


----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Chris Adams" <cma at cmadams.net>
> Cc: users at ovirt.org
> Sent: Monday, November 17, 2014 8:53:25 PM
> Subject: Re: [ovirt-users] iptables management
> 
> 
> 
> ----- Original Message -----
> > From: "Chris Adams" <cma at cmadams.net>
> > To: users at ovirt.org
> > Sent: Monday, November 17, 2014 8:48:59 PM
> > Subject: [ovirt-users] iptables management
> > 
> > During setup, I allowed the script to change iptables rules.  Is this
> > necessary?  Also, is it an "active" management (where oVirt will make
> > changes), or just a one-time thing?

Just to clarify - it's a "one-time", per run of engine-setup as Alon explained.
The engine does not touch iptables of its machine.

> > 
> > I ask because I have some other iptables setup I want (such as limited
> > SSH access), and I don't want to make changes to iptables that oVirt
> > will override later or anything like that.
> 
> I guess you mean engine setup, right?
> Each time you run engine-setup you will be prompt if you want to override
> iptables settings.
> If you choose to override, the current settings will be backed up and you can
> diff and re-apply your own.

And since recently (will be in 3.6 when it's out) we also try to notify
when manual changes were made to iptables since previous engine-setup, see [1].

[1] http://gerrit.ovirt.org/33085

> If you choose to keep your settings, setup will write the iptables rules into
> own location and you can diff and apply the changes manually.

And also show details on the console in the end of engine-setup.
-- 
Didi


More information about the Users mailing list