[ovirt-users] firewalld rule for ovirt host?

Jason Greene jason.greene at redhat.com
Wed Jan 21 18:29:27 UTC 2015


> On Jan 21, 2015, at 9:45 AM, Jorick Astrego <j.astrego at netbulae.eu> wrote:
> 
> Hi,
> 
> In the quickstart guide we have the iptables rules for a fedora 19 host,
> but currently we run firewalld on the host (Centos 7)
> 
> I've converted the rules to a service xml for the zone but I can't
> figure out the firewalld translation for "-A FORWARD -m physdev !
> --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited "
> 
> Anyone know how to do this in firewalld?

DISCLAIMER: I am just a lowly user of ovirt/RHEL/Fedora

You can do almost anything you can do with iptables by using the passthrough option, although you have to make sure the rules fit the underlying iptables policy firewalld generates (by inspecting it afterwards).

The following should work:

firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
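As an added example, not part of the thread: a small POSIX sh script that applies the passthrough rule above and then does the "inspect it afterwards" step, checking the output of `iptables -S FORWARD` to confirm the bridged-traffic ACCEPT lands before any REJECT in the chain (if it does not, bridged guest traffic is still rejected). The function names `apply_bridge_rule` and `check_forward_chain` are hypothetical.

```shell
# Hypothetical helpers (not from the thread): apply_bridge_rule, check_forward_chain.
# The rule body is the one given in the reply above.
FORWARD_BRIDGE_RULE='-m physdev --physdev-is-bridged -j ACCEPT'

# Persist the direct passthrough rule and reload so it becomes active.
# -I puts it at the top of FORWARD, ahead of firewalld's own REJECT.
apply_bridge_rule() {
    # shellcheck disable=SC2086  (intentional word splitting of the rule)
    firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD $FORWARD_BRIDGE_RULE &&
    firewall-cmd --reload
}

# Read `iptables -S FORWARD` output on stdin and verify the ordering:
# the physdev ACCEPT must appear before any REJECT rule in the chain.
# Exit status 0 means the rule is present and correctly ordered, 1 otherwise.
check_forward_chain() {
    awk '
        /^-A FORWARD .*--physdev-is-bridged -j ACCEPT/ { if (!seen_reject) ok = 1 }
        /^-A FORWARD .*-j REJECT/                      { seen_reject = 1 }
        END { exit ok ? 0 : 1 }
    '
}

# Usage on the host (needs root):
#   apply_bridge_rule && iptables -S FORWARD | check_forward_chain && echo "FORWARD ordering OK"
#   firewall-cmd --direct --get-all-passthroughs   # lists the persisted passthrough rules
```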