thr3ads.net - Ovirt devel - [Ovirt-devel] [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script [Sep 2008]

If this information is useful, please help other people find it:
Share via:

Chris Lalancette

2008-Sep-02 08:40 UTC

[Ovirt-devel] [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script

Remove the setting up of the physdev-is-bridged rule in the ovirt init script.
    This is now being properly handled by the ovirt-host-creator %post section.
    
    Signed-off-by: Chris Lalancette <clalance at redhat.com>

diff --git a/ovirt-managed-node/scripts/ovirt b/ovirt-managed-node/scripts/ovirt
index ba1f20c..232da49 100644
--- a/ovirt-managed-node/scripts/ovirt
+++ b/ovirt-managed-node/scripts/ovirt
@@ -11,10 +11,6 @@
 . /etc/init.d/ovirt-functions
 
 start() {
-    # Regardless of how iptables is configured, we always need the physdev
bridge,
-    # and it needs to be at the front of the forward chain
-    iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-
     krb5_conf=/etc/krb5.conf
     krb5_tab=/etc/libvirt/krb5.tab
     # retrieve config from local oVirt partition if available

Perry N. Myers

2008-Sep-02 16:23 UTC

head link

[Ovirt-devel] [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script

Chris Lalancette wrote:>     Remove the setting up of the physdev-is-bridged rule in the ovirt init
script.
>     This is now being properly handled by the ovirt-host-creator %post
section.
>     
>     Signed-off-by: Chris Lalancette <clalance at redhat.com>
ACK.  For times when the ovirt-node is 'installed' on bare-metal F9,
we'll
have to provide an easy way for setting up bridges though which will 
include adding this iptables rule.

Perry
> diff --git a/ovirt-managed-node/scripts/ovirt
b/ovirt-managed-node/scripts/ovirt
> index ba1f20c..232da49 100644
> --- a/ovirt-managed-node/scripts/ovirt
> +++ b/ovirt-managed-node/scripts/ovirt
> @@ -11,10 +11,6 @@
>  . /etc/init.d/ovirt-functions
>  
>  start() {
> -    # Regardless of how iptables is configured, we always need the physdev
bridge,
> -    # and it needs to be at the front of the forward chain
> -    iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
> -
>      krb5_conf=/etc/krb5.conf
>      krb5_tab=/etc/libvirt/krb5.tab
>      # retrieve config from local oVirt partition if available
> 
> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel
-- 
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers at redhat.com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|

Ovirt devel - Sep 2008 - [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script

[Ovirt-devel] [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script

[Ovirt-devel] [PATCH]: Remove bogus iptables physdev iptables rule in ovirt init script