[ovirt-users] Hosts firewall custom setup

Nicolas Ecarnot nicolas at ecarnot.net
Mon Feb 26 12:01:38 UTC 2018


Hello,

On oVirt 4.2.1.7, I'm trying to set up custom iptables rules, as I have 
been doing for years, with engine-config --set 
IPTablesConfigSiteCustom="blah blah blah".

On my hosts, I can see that /etc/sysconfig/iptables does 
contain the correct custom rules I added, but when manually checking 
with iptables -L, I don't see my rules active.

On my hosts, I see that the iptables service is stopped and disabled, 
and that the firewalld service is up and running.

That explains why iptables customization has no effect.

In the engine setup, I see that 
/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf contains:
OVESETUP_CONFIG/firewallManager=none:None

I'm confused about this setting: when running engine-setup, I'm not 
sure I understand whether answering yes to the question about the firewall 
will modify the engine, the hosts, or all of them.

Actually, I'd like my engine to stay with a disabled firewall, but my 
hosts with an active one.

Is it true to say that this is not an option and I have to answer yes, 
enable the firewall on the engine, allowing the 
OVESETUP_CONFIG/firewallManager option to be set up (to firewalld or 
iptables), thus allowing the spread of this setup towards the hosts?

Thank you.

-- 
Nicolas ECARNOT
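
The symptom described in the message above (rules present in /etc/sysconfig/iptables but absent from the running ruleset) can be checked mechanically. The script below is an added example, not part of the original post or of oVirt; the function names missing_rules and demo and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list rules that exist in a saved iptables file but are
# absent from the live ruleset.
#
# missing_rules SAVED LIVE
#   SAVED: iptables-save style file, e.g. /etc/sysconfig/iptables
#   LIVE:  output of `iptables -S` captured to a file
# Prints each "-A ..." rule found in SAVED but not in LIVE.
# The comparison is textual after whitespace normalization; iptables may
# print a rule differently from how it was written, so verify each hit.
missing_rules() {
    awk '
        /^-A[ \t]/ { $1 = $1 }                 # collapse runs of blanks
        FILENAME == ARGV[1] { if (/^-A /) live[$0] = 1; next }
        /^-A / && !($0 in live) { print }
    ' "$2" "$1"
}

# Constructed sample data: a saved file holding one custom rule (port 5666 is
# an arbitrary placeholder) and a live dump in which that rule is not loaded.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/saved" <<'EOF'
# constructed sample, iptables-save format
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT   -p tcp -m tcp --dport 5666 -j ACCEPT
COMMIT
EOF
    cat > "$d/live" <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
    missing_rules "$d/saved" "$d/live"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a host, capture the live rules with `iptables -S > /tmp/live.rules` as root and pass that file as the second argument; any line printed is a saved rule that is not currently enforced.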

