[ovirt-users] iptables management

Yedidyah Bar David didi at redhat.com
Tue Nov 18 06:47:39 UTC 2014


----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Chris Adams" <cma at cmadams.net>
> Cc: users at ovirt.org
> Sent: Monday, November 17, 2014 8:53:25 PM
> Subject: Re: [ovirt-users] iptables management
> 
> 
> 
> ----- Original Message -----
> > From: "Chris Adams" <cma at cmadams.net>
> > To: users at ovirt.org
> > Sent: Monday, November 17, 2014 8:48:59 PM
> > Subject: [ovirt-users] iptables management
> > 
> > During setup, I allowed the script to change iptables rules.  Is this
> > necessary?  Also, is it an "active" management (where oVirt will make
> > changes), or just a one-time thing?

Just to clarify - it's a "one-time", per run of engine-setup as Alon explained.
The engine does not touch iptables of its machine.

> > 
> > I ask because I have some other iptables setup I want (such as limited
> > SSH access), and I don't want to make changes to iptables that oVirt
> > will override later or anything like that.
> 
> I guess you mean engine setup, right?
> Each time you run engine-setup you will be prompted if you want to override
> iptables settings.
> If you choose to override, the current settings will be backed up and you can
> diff and re-apply your own.

And since recently (will be in 3.6 when it's out) we also try to notify
when manual changes were made to iptables since previous engine-setup, see [1].

[1] http://gerrit.ovirt.org/33085

> If you choose to keep your settings, setup will write the iptables rules into
> its own location and you can diff and apply the changes manually.

And also show details on the console at the end of engine-setup.
-- 
Didi
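
Added example, not part of the original message and not oVirt code: one way to do the "diff and re-apply" step discussed above, listing rules that were in the backup but are missing from the rules now in place. It assumes both files are in iptables-save format; the file names, the function names and the sample rules are constructed placeholders.

```shell
# rules FILE: print "table rule" for each -A line of an iptables-save style
# file, dropping comments, chain policies and "[packets:bytes]" counters.
rules() {
    awk '/^\*/ { table = substr($0, 2); next }
         { sub(/^\[[0-9]+:[0-9]+\] */, "") }
         /^-A / { print table " " $0 }' "$1"
}

# lost_rules BACKUP CURRENT: rules present in BACKUP and absent from CURRENT.
lost_rules() {
    cur=$(mktemp) || return 1
    rules "$2" > "$cur"
    # grep exits 1 when nothing is missing; that is not an error here.
    rules "$1" | grep -Fxv -f "$cur" || true
    rm -f "$cur"
}

# Constructed sample data: a backup holding a hand-written SSH restriction,
# and a rule set written afterwards that opens SSH to everyone.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/backup.rules" <<'EOF'
# constructed backup
*filter
:INPUT ACCEPT [0:0]
[12:840] -A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
    cat > "$dir/current.rules" <<'EOF'
# constructed current rules
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
    lost_rules "$dir/backup.rules" "$dir/current.rules"
    rm -rf "$dir"
}

demo
```

The comparison ignores rule order, so when re-applying a missing rule check where it sits relative to the surrounding ACCEPT and REJECT lines. In the sample, the unrestricted port 22 rule in the current file would also need removing for the SSH restriction to take effect.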


