[ovirt-users] Firewall GARP not reachable to VM

2020-04-09 Thread k . betsis 
Hi all

Does anyone know how i can allow my Firewall VM cluster act as the default 
gateway to VMs within the same network?
I've configured the GARP functionality on the OPNSENSE firewalls (PFSENSE fork).
VMs within the same network can ping the firewall IP addresses successfully but 
not the GARP IP.
The ovirt network has been configured with the MAC Address Anti-spoofing to 
false.
One firewall has been configured with virtio network drivers and the with e1000 
both exhibiting the same behavior.

Currently all VMs have been configured with a default gateway the primary 
firewall.
Network workarounds using BGP and attributes can work, but are way to 
complicate to streamline for all VMs when a simple VRRP can do the job.

Any ideas what i am missing?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JL25NRQOTDQKKEKMLFGXFSEFNMG6SEBE/

Re: [ovirt-users] firewall node

2018-03-09 Thread Nicolas Ecarnot 

https://www.mail-archive.com/users@ovirt.org/msg46608.html


Le 09/03/2018 à 20:12, Fabrice SOLER a écrit :

Hello,

I am trying to open a port on the node.

For that, in the cluster configuration I have choosed firewalld, I have 
created the 
|*/etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml* file.|


|
- name: Enable additional port on firewalld
   firewalld:
     port: "12345/tcp"
     permanent: yes
     immediate: yes
     state: enabled
|

|then I have rebooted the node like it is noticed on this link :
|

|https://www.ovirt.org/blog/2017/12/host-deploy-customization/
|

|On the node, after the reboot, I read the iptables (iptables -L) and 
the port is not open.

|

|I have just updated the engine and the node is 4.2.1.1.|

|Is there some change about the firewalld in this version ? (in 4.2.0 it 
worked)

|

|Sincerery
|

--


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




--
Nicolas ECARNOT
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] firewall node

2018-03-09 Thread Fabrice SOLER 

Hello,

I am trying to open a port on the node.

For that, in the cluster configuration I have choosed firewalld, I have 
created the 
|*/etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml* file.|


|
- name: Enable additional port on firewalld
  firewalld:
    port: "12345/tcp"
    permanent: yes
    immediate: yes
    state: enabled
|

|then I have rebooted the node like it is noticed on this link :
|

|https://www.ovirt.org/blog/2017/12/host-deploy-customization/
|

|On the node, after the reboot, I read the iptables (iptables -L) and 
the port is not open.

|

|I have just updated the engine and the node is 4.2.1.1.|

|Is there some change about the firewalld in this version ? (in 4.2.0 it 
worked)

|

|Sincerery
|

--
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Chris Hunt 
I haven't don e it based on IP but I think you could set separate chains
per MAC or 802.1Q VLAN ID..

ebtables -A FORWARD -p IPv4 --ip-dst 172.16.1.4 -s -j DROP
or 
ebtables -A FORWARD -d 00:11:22:33:44:55 -j DROP

DROP actually drops to IPTABLES.  So, then you just setup iptables normally.  
This assumes you're running a bridge and watch out for  --physdev-in 


-Chris
On 6/5/2014 8:55 AM, Ovirt User wrote:
> hi chris,
>
> at node level ?
>
> Il giorno 03/giu/2014, alle ore 17:29, Ovirt User  ha 
> scritto:
>
>>  Hello Guys,
>>
>> i'm searching for a simple firewall solution ( deny some ports etc ).
>>
>> It is possibile configure a firewall in the node ? to protect the vm's ?
>>
>> Thanks
>> Lukas
>>
>>
>>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Ovirt User 
hi chris,

at node level ?

Il giorno 03/giu/2014, alle ore 17:29, Ovirt User  ha 
scritto:

>   Hello Guys,
> 
> i'm searching for a simple firewall solution ( deny some ports etc ).
> 
> It is possibile configure a firewall in the node ? to protect the vm's ?
> 
> Thanks
> Lukas
> 
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Chris Hunt 
you could also do some transparent firewalling using ebtables to drop to
iptables, no?

-Chris
On 6/4/2014 10:44 PM, Ovirt User wrote:
> yes i know neutron, but really i don't want a server manage my L3 networks ! 
> :-) :-)) and you ?
>
> Il giorno 04/giu/2014, alle ore 22:15, Itamar Heim  ha 
> scritto:
>
>> On 06/04/2014 04:08 PM, Maurice James wrote:
>>> As far as I know the node cannot manage the firewall on the VM, just like 
>>> the node cannot manage the firewall of another node
>> try the Security Groups support in 3.4 via the neutron integration?
>> http://www.ovirt.org/Features/Detailed_OSN_Integration
>>
>>> - Original Message -
>>> From: "Ovirt User" 
>>> To: "Maurice James" 
>>> Cc: users@ovirt.org
>>> Sent: Wednesday, June 4, 2014 1:48:13 AM
>>> Subject: Re: [ovirt-users] Firewall?
>>>
>>> thanks i know that. :)
>>>
>>> i'm asking if it is possible manage firewall rules at node level , since 
>>> node manage networking for VM'S…
>>>
>>> anyone know that ?
>>>
>>> thanks
>>>
>>> Il giorno 04/giu/2014, alle ore 01:15, Maurice James 
>>>  ha scritto:
>>>
>>>> The VM becomes its own system, you will have to enable the firewall on the 
>>>> VM itself. Windows Firewall for Windows clients and Iptables or Firewalld 
>>>> for Linux clients
>>>>
>>>>
>>>> - Original Message -
>>>> From: "Ovirt User" 
>>>> To: "Maurice James" 
>>>> Cc: users@ovirt.org
>>>> Sent: Tuesday, June 3, 2014 3:33:10 PM
>>>> Subject: Re: [ovirt-users] Firewall?
>>>>
>>>> the vm's
>>>>
>>>> thanks
>>>>
>>>>
>>>> Il giorno 03/giu/2014, alle ore 17:39, Maurice James 
>>>>  ha scritto:
>>>>
>>>>> Do you want to protect the VMs or the manager?
>>>>>
>>>>>
>>>>> - Original Message -
>>>>> From: "Ovirt User" 
>>>>> To: users@ovirt.org
>>>>> Sent: Tuesday, June 3, 2014 11:29:23 AM
>>>>> Subject: [ovirt-users] Firewall?
>>>>>
>>>>>   Hello Guys,
>>>>>
>>>>> i'm searching for a simple firewall solution ( deny some ports etc ).
>>>>>
>>>>> It is possibile configure a firewall in the node ? to protect the vm's ?
>>>>>
>>>>> Thanks
>>>>> Lukas
>>>>>
>>>>>
>>>>>
>>>>> ___
>>>>> Users mailing list
>>>>> Users@ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Moti Asayag 


- Original Message -
> From: "Gianluca Cecchi" 
> To: "Livnat Peer" 
> Cc: users@ovirt.org
> Sent: Thursday, June 5, 2014 11:34:11 AM
> Subject: Re: [ovirt-users] Firewall?
> 
> On Thu, Jun 5, 2014 at 10:02 AM, Livnat Peer < lp...@redhat.com > wrote:
> 
> 
> 
> [snip]
> 
> 
> 
> 
> The security group is configured per VM, the rules are configured by the
> system on the node the VM is running on.
> 
> From the user perspective you need to configure a security group policy
> and then associate the VM with the relevant policy, there is also a
> default policy to which all VMs are associated by default.
> 
> To use this feature you need to use the oVirt-Neutron integration -
> http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups
> 
> 
> How can I set more than one custom device property?
> 
> For example in my case when I had to use extnet I lose the security groups
> one...
> 
> before
> [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties: version: 3.0
> CustomDeviceProperties: version: 3.1
> CustomDeviceProperties: version: 3.2
> CustomDeviceProperties: version: 3.3
> CustomDeviceProperties: {type=interface;prop={ SecurityGroups=^(?:(?:[0-9a-
> fA-F]{8}-(?:[0-9a-fA-F]{4}-){ 3}[0-9a-fA-F]{12},
> *)*[0-9a-fA-F]{8}-(?:[0-9a-fA- F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4
> 
> then
> [root@tekkaman ovirt-engine]# engine-config -s CustomDeviceProperties='{type=
> interface;prop={extnet=^[a-zA- Z0-9_ ---]+$}}'
> Please select a version:
> 1. 3.0
> 2. 3.1
> 3. 3.2
> 4. 3.3
> 5. 3.4
> 5
> 
> after:
> [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties: version: 3.0
> CustomDeviceProperties: version: 3.1
> CustomDeviceProperties: version: 3.2
> CustomDeviceProperties: version: 3.3
> CustomDeviceProperties: {type=interface;prop={extnet=^ [a-zA-Z0-9_ ---]+$}}
> version: 3.4
> 
> # systemctl restart ovirt-engine
> 
> What is the syntax to add extnet without deleting security groups one?
> 

See example on [1], modified a bit to fit you goal:

1. sudo engine-config -g CustomDeviceProperties --cver 3.4
2. Copy the SecurityGroups into variable PREVIOUS_PROPERTIES
   i.e. 
PREVIOUS_PROPERTIES="SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12},
 *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$" 
3. sudo engine-config -s 
"CustomDeviceProperties={type=interface;prop={$PREVIOUS_PROPERTIES;extnet=^ 
[a-zA-Z0-9_ ---]+$}}" --cver=3.4
4. Verify: sudo engine-config -g CustomDeviceProperties --cver 3.4
5. Restart ovirt-engine for changes to reload.

[1] https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof

> Thanks
> Gianluca
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Livnat Peer 
I'm adding Moti to provide the details

On 06/05/2014 11:34 AM, Gianluca Cecchi wrote:
> On Thu, Jun 5, 2014 at 10:02 AM, Livnat Peer  > wrote:
> 
> [snip]
> 
>  
> 
> 
> The security group is configured per VM, the rules are configured by the
> system on the node the VM is running on.
> 
> From the user perspective you need to configure a security group policy
> and then associate the VM with the relevant policy, there is also a
> default policy to which all VMs are associated by default.
> 
> To use this feature you need to use the oVirt-Neutron integration -
> http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups
> 
> 
> How can I set more than one custom device property?
> 
> For example in my case when I had to use extnet I lose the security
> groups one...
> 
> before
> [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties:  version: 3.0
> CustomDeviceProperties:  version: 3.1
> CustomDeviceProperties:  version: 3.2
> CustomDeviceProperties:  version: 3.3
> CustomDeviceProperties:
> {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12},
> *)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4
> 
> then
> [root@tekkaman ovirt-engine]# engine-config -s
> CustomDeviceProperties='{type=interface;prop={extnet=^[a-zA-Z0-9_ ---]+$}}'
> Please select a version:
> 1. 3.0
> 2. 3.1
> 3. 3.2
> 4. 3.3
> 5. 3.4
> 5
> 
> after:
> [root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
> CustomDeviceProperties:  version: 3.0
> CustomDeviceProperties:  version: 3.1
> CustomDeviceProperties:  version: 3.2
> CustomDeviceProperties:  version: 3.3
> CustomDeviceProperties: {type=interface;prop={extnet=^[a-zA-Z0-9_
> ---]+$}} version: 3.4
> 
> # systemctl restart ovirt-engine
> 
> What is the syntax to add extnet without deleting security groups one?
> 
> Thanks
> Gianluca

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Gianluca Cecchi 
On Thu, Jun 5, 2014 at 10:02 AM, Livnat Peer  wrote:

> [snip]
>


>
> The security group is configured per VM, the rules are configured by the
> system on the node the VM is running on.
>
> From the user perspective you need to configure a security group policy
> and then associate the VM with the relevant policy, there is also a
> default policy to which all VMs are associated by default.
>
> To use this feature you need to use the oVirt-Neutron integration -
> http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups
>
>
How can I set more than one custom device property?

For example in my case when I had to use extnet I lose the security groups
one...

before
[root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
CustomDeviceProperties:  version: 3.0
CustomDeviceProperties:  version: 3.1
CustomDeviceProperties:  version: 3.2
CustomDeviceProperties:  version: 3.3
CustomDeviceProperties: {type=interface;prop={SecurityGroups=^(?:(?:[0-9a-
fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12},
*)*[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}|)$}} version: 3.4

then
[root@tekkaman ovirt-engine]# engine-config -s
CustomDeviceProperties='{type=interface;prop={extnet=^[a-zA-Z0-9_ ---]+$}}'
Please select a version:
1. 3.0
2. 3.1
3. 3.2
4. 3.3
5. 3.4
5

after:
[root@tekkaman ovirt-engine]# engine-config -g CustomDeviceProperties
CustomDeviceProperties:  version: 3.0
CustomDeviceProperties:  version: 3.1
CustomDeviceProperties:  version: 3.2
CustomDeviceProperties:  version: 3.3
CustomDeviceProperties: {type=interface;prop={extnet=^[a-zA-Z0-9_ ---]+$}}
version: 3.4

# systemctl restart ovirt-engine

What is the syntax to add extnet without deleting security groups one?

Thanks
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-05 Thread Livnat Peer 
On 06/05/2014 09:37 AM, Ovirt User wrote:
> Thanks livnat,
> 
> but i don't really understand .
> 
> The security group feature defines iptables rules on the note itself.
> 
> About that: how can i define security group rules ? and in a cluster, they 
> are automatically propagated al all nodes ?
> 

The security group is configured per VM, the rules are configured by the
system on the node the VM is running on.

>From the user perspective you need to configure a security group policy
and then associate the VM with the relevant policy, there is also a
default policy to which all VMs are associated by default.

To use this feature you need to use the oVirt-Neutron integration -
http://www.ovirt.org/Features/Detailed_OSN_Integration#Security_groups

One caveat in this integration is that we did not handle VM migration yet.

> 
> Il giorno 03/giu/2014, alle ore 17:29, Ovirt User  ha 
> scritto:
> 
>>  Hello Guys,
>>
>> i'm searching for a simple firewall solution ( deny some ports etc ).
>>
>> It is possibile configure a firewall in the node ? to protect the vm's ?
>>
>> Thanks
>> Lukas
>>
>>
>>
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-04 Thread Ovirt User 
Thanks livnat,

but i don't really understand .

The security group feature defines iptables rules on the note itself.

About that: how can i define security group rules ? and in a cluster, they are 
automatically propagated al all nodes ?


Il giorno 03/giu/2014, alle ore 17:29, Ovirt User  ha 
scritto:

>   Hello Guys,
> 
> i'm searching for a simple firewall solution ( deny some ports etc ).
> 
> It is possibile configure a firewall in the node ? to protect the vm's ?
> 
> Thanks
> Lukas
> 
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-04 Thread Livnat Peer 
On 06/05/2014 08:44 AM, Ovirt User wrote:
> yes i know neutron, but really i don't want a server manage my L3 networks ! 
> :-) :-)) and you ?
> 

The security group feature defines iptables rules on the node itself,
worth noting that this is not the firewall service in Neutron which is
running on the network node with L3 virtual router etc.


> Il giorno 04/giu/2014, alle ore 22:15, Itamar Heim  ha 
> scritto:
> 
>> On 06/04/2014 04:08 PM, Maurice James wrote:
>>> As far as I know the node cannot manage the firewall on the VM, just like 
>>> the node cannot manage the firewall of another node
>>
>> try the Security Groups support in 3.4 via the neutron integration?
>> http://www.ovirt.org/Features/Detailed_OSN_Integration
>>
>>>
>>> - Original Message -
>>> From: "Ovirt User" 
>>> To: "Maurice James" 
>>> Cc: users@ovirt.org
>>> Sent: Wednesday, June 4, 2014 1:48:13 AM
>>> Subject: Re: [ovirt-users] Firewall?
>>>
>>> thanks i know that. :)
>>>
>>> i'm asking if it is possible manage firewall rules at node level , since 
>>> node manage networking for VM'S…
>>>
>>> anyone know that ?
>>>
>>> thanks
>>>
>>> Il giorno 04/giu/2014, alle ore 01:15, Maurice James 
>>>  ha scritto:
>>>
>>>> The VM becomes its own system, you will have to enable the firewall on the 
>>>> VM itself. Windows Firewall for Windows clients and Iptables or Firewalld 
>>>> for Linux clients
>>>>
>>>>
>>>> - Original Message -
>>>> From: "Ovirt User" 
>>>> To: "Maurice James" 
>>>> Cc: users@ovirt.org
>>>> Sent: Tuesday, June 3, 2014 3:33:10 PM
>>>> Subject: Re: [ovirt-users] Firewall?
>>>>
>>>> the vm's
>>>>
>>>> thanks
>>>>
>>>>
>>>> Il giorno 03/giu/2014, alle ore 17:39, Maurice James 
>>>>  ha scritto:
>>>>
>>>>> Do you want to protect the VMs or the manager?
>>>>>
>>>>>
>>>>> - Original Message -
>>>>> From: "Ovirt User" 
>>>>> To: users@ovirt.org
>>>>> Sent: Tuesday, June 3, 2014 11:29:23 AM
>>>>> Subject: [ovirt-users] Firewall?
>>>>>
>>>>>   Hello Guys,
>>>>>
>>>>> i'm searching for a simple firewall solution ( deny some ports etc ).
>>>>>
>>>>> It is possibile configure a firewall in the node ? to protect the vm's ?
>>>>>
>>>>> Thanks
>>>>> Lukas
>>>>>
>>>>>
>>>>>
>>>>> ___
>>>>> Users mailing list
>>>>> Users@ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-04 Thread Ovirt User 
yes i know neutron, but really i don't want a server manage my L3 networks ! 
:-) :-)) and you ?

Il giorno 04/giu/2014, alle ore 22:15, Itamar Heim  ha 
scritto:

> On 06/04/2014 04:08 PM, Maurice James wrote:
>> As far as I know the node cannot manage the firewall on the VM, just like 
>> the node cannot manage the firewall of another node
> 
> try the Security Groups support in 3.4 via the neutron integration?
> http://www.ovirt.org/Features/Detailed_OSN_Integration
> 
>> 
>> - Original Message -
>> From: "Ovirt User" 
>> To: "Maurice James" 
>> Cc: users@ovirt.org
>> Sent: Wednesday, June 4, 2014 1:48:13 AM
>> Subject: Re: [ovirt-users] Firewall?
>> 
>> thanks i know that. :)
>> 
>> i'm asking if it is possible manage firewall rules at node level , since 
>> node manage networking for VM'S…
>> 
>> anyone know that ?
>> 
>> thanks
>> 
>> Il giorno 04/giu/2014, alle ore 01:15, Maurice James  
>> ha scritto:
>> 
>>> The VM becomes its own system, you will have to enable the firewall on the 
>>> VM itself. Windows Firewall for Windows clients and Iptables or Firewalld 
>>> for Linux clients
>>> 
>>> 
>>> - Original Message -
>>> From: "Ovirt User" 
>>> To: "Maurice James" 
>>> Cc: users@ovirt.org
>>> Sent: Tuesday, June 3, 2014 3:33:10 PM
>>> Subject: Re: [ovirt-users] Firewall?
>>> 
>>> the vm's
>>> 
>>> thanks
>>> 
>>> 
>>> Il giorno 03/giu/2014, alle ore 17:39, Maurice James 
>>>  ha scritto:
>>> 
>>>> Do you want to protect the VMs or the manager?
>>>> 
>>>> 
>>>> - Original Message -
>>>> From: "Ovirt User" 
>>>> To: users@ovirt.org
>>>> Sent: Tuesday, June 3, 2014 11:29:23 AM
>>>> Subject: [ovirt-users] Firewall?
>>>> 
>>>>Hello Guys,
>>>> 
>>>> i'm searching for a simple firewall solution ( deny some ports etc ).
>>>> 
>>>> It is possibile configure a firewall in the node ? to protect the vm's ?
>>>> 
>>>> Thanks
>>>> Lukas
>>>> 
>>>> 
>>>> 
>>>> ___
>>>> Users mailing list
>>>> Users@ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>> 
>> 
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-04 Thread Itamar Heim 

On 06/04/2014 04:08 PM, Maurice James wrote:

As far as I know the node cannot manage the firewall on the VM, just like the 
node cannot manage the firewall of another node


try the Security Groups support in 3.4 via the neutron integration?
http://www.ovirt.org/Features/Detailed_OSN_Integration



- Original Message -
From: "Ovirt User" 
To: "Maurice James" 
Cc: users@ovirt.org
Sent: Wednesday, June 4, 2014 1:48:13 AM
Subject: Re: [ovirt-users] Firewall?

thanks i know that. :)

i'm asking if it is possible manage firewall rules at node level , since node 
manage networking for VM'S…

anyone know that ?

thanks

Il giorno 04/giu/2014, alle ore 01:15, Maurice James  ha 
scritto:


The VM becomes its own system, you will have to enable the firewall on the VM 
itself. Windows Firewall for Windows clients and Iptables or Firewalld for 
Linux clients


- Original Message -
From: "Ovirt User" 
To: "Maurice James" 
Cc: users@ovirt.org
Sent: Tuesday, June 3, 2014 3:33:10 PM
Subject: Re: [ovirt-users] Firewall?

the vm's

thanks


Il giorno 03/giu/2014, alle ore 17:39, Maurice James  ha 
scritto:


Do you want to protect the VMs or the manager?


- Original Message -
From: "Ovirt User" 
To: users@ovirt.org
Sent: Tuesday, June 3, 2014 11:29:23 AM
Subject: [ovirt-users] Firewall?

Hello Guys,

i'm searching for a simple firewall solution ( deny some ports etc ).

It is possibile configure a firewall in the node ? to protect the vm's ?

Thanks
Lukas



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-04 Thread Maurice James 
As far as I know the node cannot manage the firewall on the VM, just like the 
node cannot manage the firewall of another node 

- Original Message -
From: "Ovirt User" 
To: "Maurice James" 
Cc: users@ovirt.org
Sent: Wednesday, June 4, 2014 1:48:13 AM
Subject: Re: [ovirt-users] Firewall?

thanks i know that. :) 

i'm asking if it is possible manage firewall rules at node level , since node 
manage networking for VM'S…

anyone know that ?

thanks

Il giorno 04/giu/2014, alle ore 01:15, Maurice James  ha 
scritto:

> The VM becomes its own system, you will have to enable the firewall on the VM 
> itself. Windows Firewall for Windows clients and Iptables or Firewalld for 
> Linux clients
> 
> 
> - Original Message -
> From: "Ovirt User" 
> To: "Maurice James" 
> Cc: users@ovirt.org
> Sent: Tuesday, June 3, 2014 3:33:10 PM
> Subject: Re: [ovirt-users] Firewall?
> 
> the vm's
> 
> thanks
> 
> 
> Il giorno 03/giu/2014, alle ore 17:39, Maurice James  
> ha scritto:
> 
>> Do you want to protect the VMs or the manager?
>> 
>> 
>> ----- Original Message -
>> From: "Ovirt User" 
>> To: users@ovirt.org
>> Sent: Tuesday, June 3, 2014 11:29:23 AM
>> Subject: [ovirt-users] Firewall?
>> 
>>  Hello Guys,
>> 
>> i'm searching for a simple firewall solution ( deny some ports etc ).
>> 
>> It is possibile configure a firewall in the node ? to protect the vm's ?
>> 
>> Thanks
>> Lukas
>> 
>> 
>> 
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-03 Thread Ovirt User 
thanks i know that. :) 

i'm asking if it is possible manage firewall rules at node level , since node 
manage networking for VM'S…

anyone know that ?

thanks

Il giorno 04/giu/2014, alle ore 01:15, Maurice James  ha 
scritto:

> The VM becomes its own system, you will have to enable the firewall on the VM 
> itself. Windows Firewall for Windows clients and Iptables or Firewalld for 
> Linux clients
> 
> 
> - Original Message -
> From: "Ovirt User" 
> To: "Maurice James" 
> Cc: users@ovirt.org
> Sent: Tuesday, June 3, 2014 3:33:10 PM
> Subject: Re: [ovirt-users] Firewall?
> 
> the vm's
> 
> thanks
> 
> 
> Il giorno 03/giu/2014, alle ore 17:39, Maurice James  
> ha scritto:
> 
>> Do you want to protect the VMs or the manager?
>> 
>> 
>> - Original Message -----
>> From: "Ovirt User" 
>> To: users@ovirt.org
>> Sent: Tuesday, June 3, 2014 11:29:23 AM
>> Subject: [ovirt-users] Firewall?
>> 
>>  Hello Guys,
>> 
>> i'm searching for a simple firewall solution ( deny some ports etc ).
>> 
>> It is possibile configure a firewall in the node ? to protect the vm's ?
>> 
>> Thanks
>> Lukas
>> 
>> 
>> 
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-03 Thread Maurice James 
The VM becomes its own system, you will have to enable the firewall on the VM 
itself. Windows Firewall for Windows clients and Iptables or Firewalld for 
Linux clients


- Original Message -
From: "Ovirt User" 
To: "Maurice James" 
Cc: users@ovirt.org
Sent: Tuesday, June 3, 2014 3:33:10 PM
Subject: Re: [ovirt-users] Firewall?

the vm's

thanks


Il giorno 03/giu/2014, alle ore 17:39, Maurice James  ha 
scritto:

> Do you want to protect the VMs or the manager?
> 
> 
> - Original Message -
> From: "Ovirt User" 
> To: users@ovirt.org
> Sent: Tuesday, June 3, 2014 11:29:23 AM
> Subject: [ovirt-users] Firewall?
> 
>   Hello Guys,
> 
> i'm searching for a simple firewall solution ( deny some ports etc ).
> 
> It is possibile configure a firewall in the node ? to protect the vm's ?
> 
> Thanks
> Lukas
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-03 Thread Ovirt User 
the vm's

thanks


Il giorno 03/giu/2014, alle ore 17:39, Maurice James  ha 
scritto:

> Do you want to protect the VMs or the manager?
> 
> 
> - Original Message -
> From: "Ovirt User" 
> To: users@ovirt.org
> Sent: Tuesday, June 3, 2014 11:29:23 AM
> Subject: [ovirt-users] Firewall?
> 
>   Hello Guys,
> 
> i'm searching for a simple firewall solution ( deny some ports etc ).
> 
> It is possibile configure a firewall in the node ? to protect the vm's ?
> 
> Thanks
> Lukas
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Firewall?

2014-06-03 Thread Maurice James 
Do you want to protect the VMs or the manager?


- Original Message -
From: "Ovirt User" 
To: users@ovirt.org
Sent: Tuesday, June 3, 2014 11:29:23 AM
Subject: [ovirt-users] Firewall?

Hello Guys,

i'm searching for a simple firewall solution ( deny some ports etc ).

It is possibile configure a firewall in the node ? to protect the vm's ?

Thanks
Lukas



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Firewall?

2014-06-03 Thread Ovirt User 
Hello Guys,

i'm searching for a simple firewall solution ( deny some ports etc ).

It is possibile configure a firewall in the node ? to protect the vm's ?

Thanks
Lukas



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users