[ovirt-users] what should be the output of the default iptables rules?
Arman Khalatyan
arm2arm at gmail.com
Wed Nov 26 10:50:41 UTC 2014
Thanks!
So As I undertand it correctly the @CUSTOM_RULES@ will be overridden by
engine-config --set IPTablesConfigSiteCustom=""?
***********************************************************
Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
Astrophysik Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
***********************************************************
On Wed, Nov 26, 2014 at 11:24 AM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> You can look within
> /usr/share/ovirt-engine/dbscripts/upgrade/pre_upgrade/0000_config.sql for
> last instance of the value you seek (in most cases).
>
> IPTablesConfig:
> ---
> # oVirt default firewall configuration. Automatically generated by vdsm
> bootstrap script.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> # vdsm
> -A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
> # SSH
> -A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
> # snmp
> -A INPUT -p udp --dport 161 -j ACCEPT
>
> @CUSTOM_RULES@
>
> # Reject any other input traffic
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with
> icmp-host-prohibited
> COMMIT
> ---
>
> ----- Original Message -----
> > From: "Arman Khalatyan" <arm2arm at gmail.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "users" <users at ovirt.org>
> > Sent: Wednesday, November 26, 2014 12:17:18 PM
> > Subject: Re: [ovirt-users] what should be the output of the default
> iptables rules?
> >
> > Sorry forgot to mention:
> > Centos 6.6 ovirt 3.5.x, glusterfs 3.6.x, Storage type is iscsi
> >
> > ***********************************************************
> >
> > Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
> > Astrophysik Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
> >
> > ***********************************************************
> >
> >
> > On Wed, Nov 26, 2014 at 11:13 AM, Alon Bar-Lev <alonbl at redhat.com>
> wrote:
> >
> > >
> > > What version do you use?
> > >
> > > ----- Original Message -----
> > > > From: "Arman Khalatyan" <arm2arm at gmail.com>
> > > > To: "users" <users at ovirt.org>
> > > > Sent: Wednesday, November 26, 2014 12:00:10 PM
> > > > Subject: [ovirt-users] what should be the output of the default
> > > iptables rules?
> > > >
> > > > Hello,
> > > > I was playing with custom iptables rules and something went wrong.
> > > > Now my engine-config -g IPTablesConfig is empty.
> > > >
> > > > Can some one please give a hint what should be there??:)
> > > >
> > > > Thanks,
> > > > Arman.
> > > >
> > > > ***********************************************************
> > > > Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
> > > Astrophysik
> > > > Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
> > > > ***********************************************************
> > > >
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20141126/e9e088aa/attachment-0001.html>
More information about the Users
mailing list