On Mon, Feb 26, 2018 at 2:49 PM, Nicolas Ecarnot <nico...@ecarnot.net> wrote:
> Le 26/02/2018 à 14:03, Yedidyah Bar David a écrit : > >> On Mon, Feb 26, 2018 at 2:01 PM, Nicolas Ecarnot <nico...@ecarnot.net> >> wrote: >> >>> Hello, >>> >>> On oVirt 4.2.1.7, I'm trying to setup custom iptables rules as I'm doing >>> since years with engine-config --set IPTablesConfigSiteCustom="blah blah >>> blah". >>> >>> On my hosts, I can see in my hosts that /etc/sysconfig/iptables does >>> contain >>> the correct custom rules I added, but when manually checking with >>> iptables >>> -L, I don't see my rules active. >>> >>> On my hosts, I see that the iptables services is stopped and disabled, >>> and >>> that the firewalld service is up and running. >>> >>> That explains why iptables customization has no effect. >>> >> >> Indeed. >> >> IIRC the type of firewall is now set per cluster or something like that, >> not >> sure about the details - adding Ondra. >> > > Per cluster, one can indeed choose the firewall type. > I suppose it translates on the hosts into the activation of the adequate > service. > But how do we add custom rules in case of firewalld type? > > On the hosts, I imagine that could translate into changes in : > /etc/firewalld/zones/public.xml > Please take a look at below RFE introducing firewalld support for host and blog post to read about new possibilities to customize host-deploy process (which also can be used for custom firewalld rules) in oVirt 4.2: https://bugzilla.redhat.com/show_bug.cgi?id=995362 https://www.ovirt.org/blog/2017/12/host-deploy-customization/ > -- > Nicolas ECARNOT > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > -- Martin Perina Associate Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users