[ovirt-users] Ovirt and Shorewall

Johan Vermeulen jameslast29 at gmail.com
Mon Nov 2 09:02:04 UTC 2015


Hello All,

thanks for the replies.

As far as I can tell with limited experience, Firewalld is supported on
both engine-setup and
when adding a Centos7 host.
I made a first attempt to translate the resulting Firewalld rules to a
Shorewall setup; this failed.
I will look into this further.
Greetings, J.

2015-11-01 10:20 GMT+01:00 Yedidyah Bar David <didi at redhat.com>:

> On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <jbelka at redhat.com> wrote:
> >> From: "Johan Vermeulen" <jameslast29 at gmail.com>
> >> To: "users" <users at ovirt.org>
> >> Sent: Wednesday, October 28, 2015 4:13:49 PM
> >> Subject: [ovirt-users] Ovirt and Shorewall
> >
> >> Hello All,
> >
> >> I'm still experimenting with Ovirt-setup.
> >> Because Centos/Rhel7 now have Firewalld, and because I still have some
> >> Centos6
> >> machines with Iptables, I was kinda hoping to use Shorewall on both.
> >
> >> Is there any support/documentation for this in the Ovirt-world?
> >
> > On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules
> > as an XML file into the firewalld directory.
> >
> > It is open-source, check engine-setup source and maybe you can propose
> > diffs for another fw frontend support.
>
> engine-setup supports firewalld, and the code is designed to be
> extensible so that we can add support for other firewall managers,
> even with an external plugin packaged separately. Never tried this
> myself, though.
>
> engine-setup affects only the firewall on the machine running the engine
> itself.
>
> Support for the engine, so that it properly populates the firewall on
> the hosts, is a different matter. There is [1] to track this for
> firewalld.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=995362
>
> Best,
> --
> Didi
>
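
The translation discussed in this thread, as an added example that is not part of the original messages or of oVirt's code: a Python sketch that reads a firewalld service XML file and emits equivalent Shorewall `rules` lines. The sample XML and its ports are constructed placeholders, the function name is hypothetical, and the `net` source zone is an assumption about the local Shorewall zone layout.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in firewalld's service-file format. The ports are
# placeholders, not the rules oVirt actually installs.
SAMPLE_SERVICE_XML = """<service>
  <short>example-host</short>
  <description>Constructed example service</description>
  <port protocol="tcp" port="54321"/>
  <port protocol="tcp" port="5900-6923"/>
  <port protocol="udp" port="161"/>
  <module name="nf_conntrack_ftp"/>
</service>
"""

PORT_RE = re.compile(r"^\d+(-\d+)?$")


def firewalld_service_to_shorewall(xml_text, source="net", dest="$FW"):
    """Return (rules, skipped).

    rules   -- Shorewall 'rules' file lines (ACTION SOURCE DEST PROTO DPORT)
    skipped -- elements that were not translated and need manual review
    """
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    rules, skipped = [], []
    for elem in root:
        if elem.tag in ("short", "description"):
            continue  # metadata only, no packet-filter effect
        if elem.tag != "port":
            # e.g. <module>, <protocol>, <destination>: report them
            # instead of silently dropping part of the policy.
            skipped.append(elem.tag)
            continue
        proto = elem.get("protocol", "")
        port = elem.get("port", "")
        if proto not in ("tcp", "udp") or not PORT_RE.match(port):
            skipped.append(f"port {proto}/{port}")
            continue
        # firewalld writes ranges as low-high, Shorewall as low:high.
        rules.append(f"ACCEPT {source} {dest} {proto} {port.replace('-', ':')}")
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = firewalld_service_to_shorewall(SAMPLE_SERVICE_XML)
    print("\n".join(rules))
    print("needs manual review:", skipped)
```

Anything returned in `skipped` has no direct one-line equivalent in this sketch and should be handled by hand before the firewalld rules are switched off.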