[ovirt-users] what should be the output of the default iptables rules?

Alon Bar-Lev alonbl at redhat.com
Wed Nov 26 14:22:32 UTC 2014



----- Original Message -----
> From: "Arman Khalatyan" <arm2arm at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Wednesday, November 26, 2014 12:50:41 PM
> Subject: Re: [ovirt-users] what should be the output of the default iptables rules?
> 
> Thanks!
> So as I understand it correctly the @CUSTOM_RULES@ will be overridden by
> engine-config --set IPTablesConfigSiteCustom=""?

yes, and also the virt and gluster hanks.

> 
> ***********************************************************
> 
> Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
> Astrophysik Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
> 
> ***********************************************************
> 
> 
> On Wed, Nov 26, 2014 at 11:24 AM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> 
> > You can look within
> > /usr/share/ovirt-engine/dbscripts/upgrade/pre_upgrade/0000_config.sql for
> > last instance of the value you seek (in most cases).
> >
> > IPTablesConfig:
> > ---
> > # oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A INPUT -p icmp -j ACCEPT
> > -A INPUT -i lo -j ACCEPT
> > # vdsm
> > -A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
> > # SSH
> > -A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
> > # snmp
> > -A INPUT -p udp --dport 161 -j ACCEPT
> >
> > @CUSTOM_RULES@
> >
> > # Reject any other input traffic
> > -A INPUT -j REJECT --reject-with icmp-host-prohibited
> > -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
> > COMMIT
> > ---
> >
> > ----- Original Message -----
> > > From: "Arman Khalatyan" <arm2arm at gmail.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: "users" <users at ovirt.org>
> > > Sent: Wednesday, November 26, 2014 12:17:18 PM
> > > Subject: Re: [ovirt-users] what should be the output of the default
> > iptables rules?
> > >
> > > Sorry forgot to mention:
> > > Centos 6.6 ovirt 3.5.x, glusterfs 3.6.x, Storage type is  iscsi
> > >
> > > ***********************************************************
> > >
> > > Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
> > > Astrophysik Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
> > >
> > > ***********************************************************
> > >
> > >
> > > On Wed, Nov 26, 2014 at 11:13 AM, Alon Bar-Lev <alonbl at redhat.com>
> > wrote:
> > >
> > > >
> > > > What version do you use?
> > > >
> > > > ----- Original Message -----
> > > > > From: "Arman Khalatyan" <arm2arm at gmail.com>
> > > > > To: "users" <users at ovirt.org>
> > > > > Sent: Wednesday, November 26, 2014 12:00:10 PM
> > > > > Subject: [ovirt-users] what should be the output of the default
> > > > iptables      rules?
> > > > >
> > > > > Hello,
> > > > > I was playing with custom iptables rules and something went wrong.
> > > > > Now my engine-config -g IPTablesConfig is empty.
> > > > >
> > > > > Can someone please give a hint what should be there??:)
> > > > >
> > > > > Thanks,
> > > > > Arman.
> > > > >
> > > > > ***********************************************************
> > > > > Dr. Arman Khalatyan eScience -SuperComputing Leibniz-Institut für
> > > > Astrophysik
> > > > > Potsdam (AIP) An der Sternwarte 16, 14482 Potsdam, Germany
> > > > > ***********************************************************
> > > > >
> > > > >
> > > >
> > >
> >
> 
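As an added illustration (not part of the original thread and not oVirt's own code): a Python check that fills the `@...@` placeholders of the template quoted above and audits the result before it is loaded on a host. Plain text substitution is an assumption about how the template is expanded; the port values and the custom rule are constructed samples, and `render` and `audit` are hypothetical helper names.

```python
import re

# Template as quoted in the thread, with the mail-wrapped lines rejoined.
TEMPLATE = """\
# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
# SSH
-A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT

@CUSTOM_RULES@

# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def render(template, values):
    """Plain textual substitution of @NAME@ tokens (assumed, not oVirt's code)."""
    return re.sub(r"@([A-Z_]+)@", lambda m: values.get(m.group(1), m.group(0)), template)

def audit(ruleset):
    """Return a list of problems that would weaken or break the rendered ruleset."""
    problems = [f"unresolved placeholder: {t}" for t in re.findall(r"@[A-Z_]+@", ruleset)]
    rules = [l.strip() for l in ruleset.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    if not rules or rules[0] != "*filter" or rules[-1] != "COMMIT":
        problems.append("missing *filter header or COMMIT trailer")
    inputs = [r for r in rules if r.startswith("-A INPUT ")]
    if not inputs or "-j REJECT" not in inputs[-1]:
        problems.append("catch-all REJECT is not the last INPUT rule")
    for r in inputs:
        # An ACCEPT with no match options admits everything ahead of the REJECT.
        if re.fullmatch(r"-A INPUT\s+-j ACCEPT", r):
            problems.append(f"unconditional accept: {r}")
    return problems

# Constructed sample values; 54321 and 22 are assumed ports for illustration.
GOOD = render(TEMPLATE, {"VDSM_PORT": "54321", "SSH_PORT": "22",
                         "CUSTOM_RULES": "-A INPUT -p tcp --dport 5666 -s 192.0.2.10 -j ACCEPT"})
BAD = render(TEMPLATE, {"VDSM_PORT": "54321", "CUSTOM_RULES": "-A INPUT -j ACCEPT"})
```

`audit(GOOD)` returns an empty list, while `audit(BAD)` reports the unfilled `@SSH_PORT@` token and the custom rule that would accept all input before the final REJECT.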