Chris Lalancette
2008-Jul-09 20:15 UTC
[Ovirt-devel] [PATCH REPOST]: Configure iptables on the managed node
I totally forgot the COMMIT line in the iptables stuff; not sure how it worked last time without that. Anyway, here is the updated patch; ignore the last one.

One of the side-effects of the SELinux support that recently went into livecd-tools (and is now in Fedora 9) is that it runs lokkit at the end of installation. This results in the default firewall being applied to the managed node. In general, this is a good thing, but we need to customize that firewall to allow incoming ssh and incoming libvirt, at the very least (there may be more in the future). The attached patch just configures the firewall in %post, and with this in place I can successfully ssh into the managed node and use remote libvirt commands.

Signed-off-by: Chris Lalancette <clalance at redhat.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ovirt-iptables-2.patch
Type: text/x-patch
Size: 979 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20080709/f31bf186/attachment.bin>
Alan Pevec
2008-Jul-09 20:50 UTC
[Ovirt-devel] [PATCH REPOST]: Configure iptables on the managed node
ACK
Chris Lalancette
2008-Jul-09 21:00 UTC
[Ovirt-devel] [PATCH REPOST]: Configure iptables on the managed node
Chris Lalancette wrote:
> I totally forgot the COMMIT line in the iptables stuff; not sure how it worked
> last time without that. Anyway, here is the updated patch; ignore the last one.
>
> One of the side-effects of the SELinux support that recently went into
> livecd-tools (and is now in Fedora 9) is that it runs lokkit at the end of
> installation. This results in the default firewall being applied to the managed
> node. In general, this is a good thing, but we need to customize that firewall
> to allow incoming ssh and incoming libvirt, at the very least (there may be more
> in the future). The attached patch just configures the firewall in %post, and
> with this in place I can successfully ssh into the managed node and use remote
> libvirt commands.

Committed

Chris Lalancette