[ovirt-users] Hosts firewall custom setup
Martin Perina
mperina at redhat.com
Mon Feb 26 14:06:07 UTC 2018
On Mon, Feb 26, 2018 at 2:49 PM, Nicolas Ecarnot <nicolas at ecarnot.net>
wrote:
> Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit :
>
>> On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nicolas at ecarnot.net>
>> wrote:
>>
>>> Hello,
>>>
>>> On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing
>>> since years with engine-config --set IPTablesConfigSiteCustom="blah blah
>>> blah".
>>>
>>> On my hosts, I can see in my hosts that /etc/sysconfig/iptables does
>>> contain
>>> the correct custom rules I added, but when manually checking with
>>> iptables
>>> -L, I don't see my rules active.
>>>
>>> On my hosts, I see that the iptables services is stopped and disabled,
>>> and
>>> that the firewalld service is up and running.
>>>
>>> That explains why iptables customization has no effect.
>>>
>>
>> Indeed.
>>
>> IIRC the type of firewall is now set per cluster or something like that,
>> not
>> sure about the details - adding Ondra.
>>
>
> Per cluster, one can indeed choose the firewall type.
> I suppose it translates on the hosts into the activation of the adequate
> service.
> But how do we add custom rules in case of firewalld type?
>
> On the hosts, I imagine that could translate into changes in :
> /etc/firewalld/zones/public.xml
>
Please take a look at below RFE introducing firewalld support for host and
blog post to read about new possibilities to customize host-deploy process
(which also can be used for custom firewalld rules) in oVirt 4.2:
https://bugzilla.redhat.com/show_bug.cgi?id=995362
https://www.ovirt.org/blog/2017/12/host-deploy-customization/
> --
> Nicolas ECARNOT
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180226/82d61892/attachment.html>
More information about the Users
mailing list