[ovirt-users] Hosts firewall custom setup

Martin Perina mperina at redhat.com
Mon Feb 26 14:06:07 UTC 2018

On Mon, Feb 26, 2018 at 2:49 PM, Nicolas Ecarnot <nicolas at ecarnot.net>

> Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit :
>> On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nicolas at ecarnot.net>
>> wrote:
>>> Hello,
>>> On oVirt, I'm trying to setup custom iptables rules as I'm doing
>>> since years with engine-config --set IPTablesConfigSiteCustom="blah blah
>>> blah".
>>> On my hosts, I can see in my hosts that /etc/sysconfig/iptables does
>>> contain
>>> the correct custom rules I added, but when manually checking with
>>> iptables
>>> -L, I don't see my rules active.
>>> On my hosts, I see that the iptables services is stopped and disabled,
>>> and
>>> that the firewalld service is up and running.
>>> That explains why iptables customization has no effect.
>> Indeed.
>> IIRC the type of firewall is now set per cluster or something like that,
>> not
>> sure about the details - adding Ondra.
> Per cluster, one can indeed choose the firewall type.
> I suppose it translates on the hosts into the activation of the adequate
> service.
> But how do we add custom rules in case of firewalld type?
> On the hosts, I imagine that could translate into changes in :
> /etc/firewalld/zones/public.xml

​Please take a look at below RFE introducing firewalld support for host and
blog post to read about new possibilities to customize host-deploy process
(which also can be used for custom firewalld rules) in oVirt 4.2:


> --
> Nicolas ECARNOT
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180226/82d61892/attachment.html>

More information about the Users mailing list