[ovirt-users] Hosts firewall custom setup

Yedidyah Bar David didi at redhat.com
Mon Feb 26 14:00:18 UTC 2018


On Mon, Feb 26, 2018 at 3:49 PM, Nicolas Ecarnot <nicolas at ecarnot.net> wrote:
> On 26/02/2018 at 14:03, Yedidyah Bar David wrote:
>>
>> On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nicolas at ecarnot.net> wrote:
>>>
>>> Hello,
>>>
>>> On oVirt 4.2.1.7, I'm trying to set up custom iptables rules as I have
>>> been doing for years with
>>> engine-config --set IPTablesConfigSiteCustom="blah blah blah".
>>>
>>> On my hosts, I can see that /etc/sysconfig/iptables does contain the
>>> correct custom rules I added, but when manually checking with
>>> iptables -L, I don't see my rules active.
>>>
>>> On my hosts, I see that the iptables service is stopped and disabled,
>>> and that the firewalld service is up and running.
>>>
>>> That explains why iptables customization has no effect.
>>
>>
>> Indeed.
>>
>> IIRC the type of firewall is now set per cluster or something like that,
>> not sure about the details - adding Ondra.
>
>
> Per cluster, one can indeed choose the firewall type.
> I suppose it translates on the hosts into the activation of the adequate
> service.
> But how do we add custom rules in case of firewalld type?

Please see: https://ovirt.org/blog/2017/12/host-deploy-customization/

Best regards,

>
> On the hosts, I imagine that could translate into changes in:
> /etc/firewalld/zones/public.xml
>
> --
> Nicolas ECARNOT



-- 
Didi

