[ovirt-users] Ovirt and Shorewall
Yedidyah Bar David
didi at redhat.com
Sun Nov 1 09:20:01 UTC 2015
On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <jbelka at redhat.com> wrote:
>> From: "Johan Vermeulen" <jameslast29 at gmail.com>
>> To: "users" <users at ovirt.org>
>> Sent: Wednesday, October 28, 2015 4:13:49 PM
>> Subject: [ovirt-users] Ovirt and Shorewall
>
>> Hello All,
>
>> I'm still experimenting with Ovirt-setup.
>> Because Centos/Rhel7 now have Firewalld, and because I still have some
>> Centos6
>> machines with Iptables, I was kinda hoping to use Shorewall on both.
>
>> Is there any support/documentation for this in the Ovirt-world?
>
> On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules
> as xml file into firewalld directory.
>
> It is open-source, check engine-setup source and maybe you can propose
> diffs for another fw frontend support.
engine-setup supports firewalld, and the code is designed to be
extensible so that we can add support for other firewall managers,
even with an external plugin packaged separately. Never tried this
myself, though.
engine-setup affects only the firewall on the machine running the engine
itself.
Support for the engine, so that it properly populates the firewall on
the hosts, is a different matter. There is [1] to track this for
firewalld.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=995362
Best,
--
Didi
More information about the Users
mailing list