[ovirt-users] Doubt about iptables host config
Gianluca Cecchi
gianluca.cecchi at gmail.com
Tue Oct 3 10:49:36 UTC 2017
On Tue, Oct 3, 2017 at 11:36 AM, Yedidyah Bar David <didi at redhat.com> wrote:
>
>
> I think it should be safe to manually edit /etc/sysconfig/iptables
> in that case.
>
> Of course, verify on a test system.
>
> Also, you might be happy to know that in 4.2 we'll support firewalld,
> which is much nicer to work with than patching/generating
> /etc/sysconfig/iptables.
> See also:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=995362
>
>
>
OK, thanks. It worked.
Nice to see the news about firewalld.
And if I want to do the same for the engine, which is indeed configured with
firewalld?
Currently on it I see this kind of configuration:
[root@ovmgr1 ~]# firewall-cmd --get-default-zone
public
[root@ovmgr1 ~]#
[root@ovmgr1 ~]# firewall-cmd --get-active-zones
public
  interfaces: ens192
[root@ovmgr1 ~]#
It seems nrpe is already a usable predefined service:
[root@ovmgr1 ~]# firewall-cmd --get-services | tr -s ' ' '\n' | grep nrpe
nrpe
[root@ovmgr1 ~]#
So, based on current config, I can add it this way:
firewall-cmd --permanent --add-service=nrpe
firewall-cmd --reload
This way it should survive an engine reboot, but will it survive an
engine-setup command run when updating configuration or when upgrading
between minor/major updates?
Or should I also manage some oVirt-managed files on the engine?
Thanks,
Gianluca