Mike Burns
2011-Jul-29 12:46 UTC
[Ovirt-devel] [PATCH node] Revert "remove libvirt port from default iptables configuration"
This reverts commit 4846dac6be0fe18937b94ced5f4f692970b6d95c. It turns out that vdsm does use the libvirt external port for vm migration, so revert this patch rhbz#715296 Signed-off-by: Mike Burns <mburns at redhat.com> --- recipe/ovirt16-post.ks | 4 ++++ recipe/rhevh6-post.ks | 4 ++++ 2 files changed, 8 insertions(+), 0 deletions(-) diff --git a/recipe/ovirt16-post.ks b/recipe/ovirt16-post.ks index 0229201..4c9ffd0 100644 --- a/recipe/ovirt16-post.ks +++ b/recipe/ovirt16-post.ks @@ -98,6 +98,8 @@ cat > /etc/sysconfig/iptables << \EOF -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT +# libvirt +-A INPUT -p tcp --dport 16509 -j ACCEPT # libvirt-cim -A INPUT -p tcp --dport 5989 -j ACCEPT # SSH @@ -123,6 +125,8 @@ cat > /etc/sysconfig/ip6tables << \EOF -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT +# libvirt +-A INPUT -p tcp --dport 16509 -j ACCEPT # libvirt-cim -A INPUT -p tcp --dport 5989 -j ACCEPT # SSH diff --git a/recipe/rhevh6-post.ks b/recipe/rhevh6-post.ks index 8ca69cc..4ffb457 100644 --- a/recipe/rhevh6-post.ks +++ b/recipe/rhevh6-post.ks @@ -166,6 +166,8 @@ cat > /etc/sysconfig/iptables << \EOF -A INPUT -i lo -j ACCEPT # vdsm -A INPUT -p tcp --dport 54321 -j ACCEPT +# libvirt +-A INPUT -p tcp --dport 16509 -j ACCEPT # libvirt-cim -A INPUT -p tcp --dport 5989 -j ACCEPT # SSH @@ -191,6 +193,8 @@ cat > /etc/sysconfig/ip6tables << \EOF -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT +# libvirt +-A INPUT -p tcp --dport 16509 -j ACCEPT # libvirt-cim -A INPUT -p tcp --dport 5989 -j ACCEPT # SSH -- 1.7.4.4
Mike Burns
2011-Jul-29 18:33 UTC
[Ovirt-devel] [PATCH node] Revert "remove libvirt port from default iptables configuration"
NACK Need the libvirt tls port open, not the 16509 Followup patch coming soon. On Fri, 2011-07-29 at 08:46 -0400, Mike Burns wrote:> This reverts commit 4846dac6be0fe18937b94ced5f4f692970b6d95c. > > It turns out that vdsm does use the libvirt external port for > vm migration, so revert this patch > > rhbz#715296 > > Signed-off-by: Mike Burns <mburns at redhat.com> > --- > recipe/ovirt16-post.ks | 4 ++++ > recipe/rhevh6-post.ks | 4 ++++ > 2 files changed, 8 insertions(+), 0 deletions(-) > > diff --git a/recipe/ovirt16-post.ks b/recipe/ovirt16-post.ks > index 0229201..4c9ffd0 100644 > --- a/recipe/ovirt16-post.ks > +++ b/recipe/ovirt16-post.ks > @@ -98,6 +98,8 @@ cat > /etc/sysconfig/iptables << \EOF > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > +# libvirt > +-A INPUT -p tcp --dport 16509 -j ACCEPT > # libvirt-cim > -A INPUT -p tcp --dport 5989 -j ACCEPT > # SSH > @@ -123,6 +125,8 @@ cat > /etc/sysconfig/ip6tables << \EOF > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p ipv6-icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > +# libvirt > +-A INPUT -p tcp --dport 16509 -j ACCEPT > # libvirt-cim > -A INPUT -p tcp --dport 5989 -j ACCEPT > # SSH > diff --git a/recipe/rhevh6-post.ks b/recipe/rhevh6-post.ks > index 8ca69cc..4ffb457 100644 > --- a/recipe/rhevh6-post.ks > +++ b/recipe/rhevh6-post.ks > @@ -166,6 +166,8 @@ cat > /etc/sysconfig/iptables << \EOF > -A INPUT -i lo -j ACCEPT > # vdsm > -A INPUT -p tcp --dport 54321 -j ACCEPT > +# libvirt > +-A INPUT -p tcp --dport 16509 -j ACCEPT > # libvirt-cim > -A INPUT -p tcp --dport 5989 -j ACCEPT > # SSH > @@ -191,6 +193,8 @@ cat > /etc/sysconfig/ip6tables << \EOF > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p ipv6-icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > +# libvirt > +-A INPUT -p tcp --dport 16509 -j ACCEPT > # libvirt-cim > -A INPUT -p tcp --dport 5989 -j ACCEPT > # SSH-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6117 bytes Desc: not available URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20110729/899b2a8c/attachment.bin>