[ovirt-users] Hosts firewall custom setup
Nicolas Ecarnot
nicolas at ecarnot.net
Mon Feb 26 12:01:38 UTC 2018
Hello,
On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing
since years with engine-config --set IPTablesConfigSiteCustom="blah blah
blah".
On my hosts, I can see in my hosts that /etc/sysconfig/iptables does
contain the correct custom rules I added, but when manually checking
with iptables -L, I don't see my rules active.
On my hosts, I see that the iptables services is stopped and disabled,
and that the firewalld service is up and running.
That explains why iptables customization has no effect.
In the engine setup, I see that
/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf contains :
OVESETUP_CONFIG/firewallManager=none:None
I'm confused about this setting : when running engine-setup, I'm not
sure to understand if answering yes to the question about the firewall
will modify the engine, the hosts, or all of them?
Actually, I'd like my engine to stay with a disabled firewall, but my
hosts with an active one.
Is it true to say that this is not an option and I have to answer yes,
enable the firewall on the engine, allowing the
OVESETUP_CONFIG/firewallManager option to be set up (to firewalld or
iptables), thus allowing the spread of this setup towards the hosts?
Thank you.
--
Nicolas ECARNOT
More information about the Users
mailing list