> From: "Giuseppe Ragusa" <giuseppe.rag...@hotmail.com> > To: "Yedidyah Bar David" <d...@redhat.com> > Cc: "Users@ovirt.org" <users@ovirt.org> > Sent: Tuesday, March 25, 2014 11:49:36 PM > Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
> Hi Didi, > many thanks for your invaluable help! > I'll try your suggestion > (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I > will report back. > By the way: I have a really custom iptables setup (multiple separated > networks on hypervisor hosts), so I suppose it's best to hand tune firewall > rules and then leave them alone (I pre-configure them, so the setup > procedure won't be impeded in its communication needs anyway AND I will > always guarantee the most stringent filtering possible with default deny > ecc.). I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-) In hosted-engine we do not support that, it's always set - ' override_iptables=True ' in [1]. You can open a bug if you want, to make this configurable. It might make sense to use the value input in the question about iptables, but these are different issues. [1] http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py -- Didi
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users