Ovirt devel - Jul 2008 - [PATCH REPOST]: Configure iptables on the managed node

I totally forgot the COMMIT line in the iptables stuff; not sure how it worked
last time without that.  Anyway, here is the updated patch; ignore the last one.

One of the side-effects of the SELinux support that recently went into
livecd-tools (and is now in Fedora 9) is that it runs lokkit at the end of
installation.  This results in the default firewall being applied to the managed
node.  In general, this is a good thing, but we need to customize that firewall
to allow incoming ssh and incoming libvirt, at the very least (there may be more
in the future).  The attached patch just configures the firewall in %post, and
with this in place I can successfully ssh into the managed node and use remote
libvirt commands.

Signed-off-by: Chris Lalancette <clalance at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ovirt-iptables-2.patch
Type: text/x-patch
Size: 979 bytes
Desc: not available
URL:
<http://listman.redhat.com/archives/ovirt-devel/attachments/20080709/f31bf186/attachment.bin>

ACK

Chris Lalancette wrote:
> I totally forgot the COMMIT line in the iptables stuff; not sure how it
worked
> last time without that.  Anyway, here is the updated patch; ignore the last
one.
> 
> One of the side-effects of the SELinux support that recently went into
> livecd-tools (and is now in Fedora 9) is that it runs lokkit at the end of
> installation.  This results in the default firewall being applied to the
managed
> node.  In general, this is a good thing, but we need to customize that
firewall
> to allow incoming ssh and incoming libvirt, at the very least (there may be
more
> in the future).  The attached patch just configures the firewall in %post,
and
> with this in place I can successfully ssh into the managed node and use
remote
> libvirt commands.
Committed

Chris Lalancette