On Wed, Apr 10, 2013 at 7:50 PM, Lorand Jakab <[email protected]> wrote:
> > Signed-off-by: Lorand Jakab <[email protected]> > It looks to me that for end users that do not plan to use any tunnels or only selected tunnels, adding firewall rules that punch holes by default for all the tunnels in OVS may not be a good idea. I sent 2 patches. One of them reverts my change for vxlan. The other removes the gre firewall hole for rhel. I am leaving the gre firewall hole for xenserver as-is because xenserver needs that for a different reason. Ref: http://openvswitch.org/pipermail/dev/2013-April/026597.html http://openvswitch.org/pipermail/dev/2013-April/026596.html Thanks, Guru > --- > rhel/etc_init.d_openvswitch | 1 + > xenserver/etc_init.d_openvswitch | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/rhel/etc_init.d_openvswitch b/rhel/etc_init.d_openvswitch > index 3d79b6a..57c2afe 100755 > --- a/rhel/etc_init.d_openvswitch > +++ b/rhel/etc_init.d_openvswitch > @@ -50,6 +50,7 @@ start () { > > ovs_ctl --protocol=gre enable-protocol > ovs_ctl --protocol=udp --dport=8472 enable-protocol > + ovs_ctl --protocol=udp --dport=4341 enable-protocol > > touch /var/lock/subsys/openvswitch > } > diff --git a/xenserver/etc_init.d_openvswitch > b/xenserver/etc_init.d_openvswitch > index 6e94b92..80dd188 100755 > --- a/xenserver/etc_init.d_openvswitch > +++ b/xenserver/etc_init.d_openvswitch > @@ -83,6 +83,7 @@ start () { > > ovs_ctl --protocol=gre enable-protocol > ovs_ctl --protocol=udp --dport=8472 enable-protocol > + ovs_ctl --protocol=udp --dport=4341 enable-protocol > > touch /var/lock/subsys/openvswitch > } > -- > 1.8.1.5 > > _______________________________________________ > dev mailing list > [email protected] > http://openvswitch.org/mailman/listinfo/dev >
_______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
