Hello All, thanks for the replies.
As far as I can tell with limited experience, Firewalld is supported on both engine-setup and when adding a Centos7 host. I made a first attempt to translate the resulting Firewalld rules to a Shorewalld setup, this failed. I will look into this further. Greetings, J. 2015-11-01 10:20 GMT+01:00 Yedidyah Bar David <d...@redhat.com>: > On Fri, Oct 30, 2015 at 7:03 PM, Jiri Belka <jbe...@redhat.com> wrote: > >> From: "Johan Vermeulen" <jameslas...@gmail.com> > >> To: "users" <users@ovirt.org> > >> Sent: Wednesday, October 28, 2015 4:13:49 PM > >> Subject: [ovirt-users] Ovirt and Shorewall > > > >> Hello All, > > > >> I'm still experimenting with Ovirt-setup. > >> Because Centos/Rhel7 now have Firewalld, and because I still have some > >> Centos6 > >> machines with Iptables, I was kinda hoping to use Shorewall on both. > > > >> Is there any support/documentation for this in the Ovirt-world? > > > > On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules > > as xml file into firewalld directory. > > > > It is open-source, check engine-setup source and maybe you can propose > > diffs for another fw frontend support. > > engine-setup supports firewalld, and the code is designed to be > extensible so that we can add support for other firewall managers, > even with an external plugin packaged separately. Never tried this > myself, though. > > engine-setup affects only the firewall on the machine running the engine > itself. > > Support for the engine, so that it properly populates the firewall on > the hosts, is a different matter. There is [1] to track this for > firewalld. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=995362 > > Best, > -- > Didi >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users