[ovirt-users] secure ovirt hosts 4.0
Yedidyah Bar David
didi at redhat.com
Wed Jul 13 05:49:51 UTC 2016
On Tue, Jul 12, 2016 at 10:22 AM, Yaniv Kaul <ykaul at redhat.com> wrote:
>
>
> On Mon, Jul 11, 2016 at 7:10 PM, Rafael Almeida
> <ralmeida at prefecturaloja.gob.ec> wrote:
>>
>> Hello, i need secure my hosts runining ovirt (vdsm-4.18.4.1-0) over centos
>> 7, this because oVirt installed on a minimal install of centos 7x, could
>> helpme by sending all required ports enabled for hosts.
For _hosts_, you can see the default iptables configuration that is configured
if you choose so when adding a host, buy running:
engine-config -g IPTablesConfig
You can also customize this by setting the config key IPTablesConfigSiteCustom,
which is empty by default.
>>
>> pd. selinux=disabled, firewalld=enabled
firewalld is not supported yet for hosts, see this:
https://bugzilla.redhat.com/show_bug.cgi?id=995362
>
>
> - We configure the firewall already for all required ports.
Indeed, if you choose so, which is the default.
Of course you can choose not to, and configure iptables by other
means, thus also limiting access to specific address ranges etc.
> - How is disabling selinux making anything more secure?
Indeed...?
Best,
> Y.
>
>> Thanks for the help
>>
>> Rafael Almeida Orellana
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--
Didi
More information about the Users
mailing list