[ovirt-users] Question about firewall on hypervisor

Yedidyah Bar David didi at redhat.com
Wed Apr 5 09:28:50 UTC 2017


On Wed, Apr 5, 2017 at 10:08 AM, Gianluca Cecchi
<gianluca.cecchi at gmail.com> wrote:
> Suppose I want to disable firewall at already installed hypervisor side (eg
> because I want to setup OVN and currently if I remember correctly it needs
> to be disabled for that),

IIUC it does provide firewalld service files, no?

Never tried or read anything about it, I only know this from
reviewing related patches...

https://gerrit.ovirt.org/74021

It does mean you need to disable iptables, enable firewalld, and
handle firewalld on your own (the engine won't help you).

An alternative is to manually find out the ports you need open
and add them to IPTablesConfigSiteCustom. This only affects
hosts during (re)installation.

> can I simply disable the related services through
>
> systemctl stop iptables
> systemctl disable iptables
>
> systemctl stop firewalld
> systemctl disable firewalld
>
> Or is anything else to do at hypervisor and/or engine side?
> I don't see anything in web admin gui editing the host, while when I add the
> host there is the checkbox "Automatically configure host firewall"....

Indeed.

The engine does not manage the firewall on hosts except during deploy.

See also:

https://www.ovirt.org/blog/2016/12/extension-iptables-rules-oVirt-hosts/

Best,

>
> Thanks,
> Gianluca
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Didi


More information about the Users mailing list