You can modify the IPTablesConfig using the engine-config utility to control what goes into the host.
In 3.5.0 you can use the IPTablesConfigSiteCustom in order to push some custom rules without breaking future upgrades.

----- Original Message -----
> From: "Niklas Fondberg" <nik...@vireone.com>
> To: "White Hat" <whitehat...@gmail.com>
> Cc: "users" <users@ovirt.org>
> Sent: Tuesday, July 15, 2014 6:33:15 PM
> Subject: Re: [ovirt-users] iptables question
>
> Thanks. It is on my CentOS host which is located deep in my NW.
>
> Regards,
> Niklas
>
> On 15 jul 2014, at 16:41, "White Hat" <whitehat...@gmail.com> wrote:
> >
> > Yes it can be disabled, but why not just add the rules you need to
> > make it work properly?
> >
> > Are you asking about iptables on the host or the guest? Are you
> > actually using firewalld, or is it really iptables?
> >
> > You can add a log statement before the reject rule in
> > /etc/sysconfig/iptables to log a message to /var/log/messages to show
> > what is being blocked.
> >
> > Then you can open those ports that show up in your log as necessary.
> >
> > For example:
> > http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-rule
> >
> > HTH
> >
> >> On Tue, Jul 15, 2014 at 10:34 AM, Niklas Fondberg <nik...@vireone.com>
> >> wrote:
> >> Correction of my bad English...
> >> "can iptables be disabled if I never plan to use NAT:d guests?"
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
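
The log-then-open approach suggested in the quoted reply, as an added example that is not part of the original thread: it summarises what a LOG rule placed before the reject rule has recorded and renders candidate ACCEPT lines for review. The log prefix `IPT-REJECT: `, the host name, addresses, ports and log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Assumed lines in /etc/sysconfig/iptables (the prefix text is a constructed
# choice); the LOG rule sits directly before the final REJECT rule:
#   -A INPUT -j LOG --log-prefix "IPT-REJECT: " --log-level 4
#   -A INPUT -j REJECT --reject-with icmp-host-prohibited
LOG_PREFIX = "IPT-REJECT: "

# Constructed sample of the resulting kernel lines in /var/log/messages.
SAMPLE_LOG = """\
Jul 15 16:50:01 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:1a:4a:00:00:01:00:1a:4a:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=4711 DF PROTO=TCP SPT=40112 DPT=54321 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 15 16:50:04 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:1a:4a:00:00:01:00:1a:4a:00:00:03:08:00 SRC=192.0.2.11 DST=192.0.2.20 LEN=60 TTL=64 ID=4712 DF PROTO=TCP SPT=40980 DPT=54321 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 15 16:50:07 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:1a:4a:00:00:01:00:1a:4a:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=76 TTL=64 ID=4713 PROTO=UDP SPT=123 DPT=123 LEN=56
Jul 15 16:50:08 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:1a:4a:00:00:01:00:1a:4a:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 ID=4714 PROTO=ICMP TYPE=8 CODE=0 ID=100 SEQ=1
Jul 15 16:50:09 host1 sshd[2201]: Accepted publickey for root from 192.0.2.11 port 50022 ssh2
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_rejects(text, prefix=LOG_PREFIX):
    """Yield a dict of KEY=value fields for each line carrying the LOG prefix."""
    for line in text.splitlines():
        _, found, rest = line.partition(prefix)
        if found:
            yield dict(FIELD_RE.findall(rest))

def summarize(text):
    """Count rejected packets per (protocol, destination port)."""
    counts = Counter()
    for fields in parse_rejects(text):
        # ICMP and other port-less protocols carry no DPT field.
        counts[(fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return counts

def candidate_rules(counts):
    """Render ACCEPT lines for human review; only TCP/UDP have a port to open."""
    return [
        f"-A INPUT -p {proto.lower()} -m {proto.lower()} --dport {port} -j ACCEPT"
        for (proto, port), _ in sorted(counts.items())
        if proto in ("TCP", "UDP") and port.isdigit()
    ]

if __name__ == "__main__":
    seen = summarize(SAMPLE_LOG)
    for (proto, port), hits in seen.most_common():
        print(f"{hits:3d}  {proto:<5} dport={port}")
    print("\n".join(candidate_rules(seen)))
```

Any rule accepted from the output belongs above the LOG and REJECT lines, and only for ports the host is actually meant to serve.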