On Mon, Apr 15, 2013 at 3:42 AM, Lori Jakab <loja...@cisco.com> wrote:
> On 04/13/2013 12:53 AM, Ben Pfaff wrote: > > On Fri, Apr 12, 2013 at 01:50:43PM -0700, Gurucharan Shetty wrote: > >> Till now, by default, we add firewall holes for > >> gre traffic. There may be users that do not use gre tunnels > >> and they may be surprised with this behavior. > > > > It would be nice to add a sentence or a paragraph mentioning why we > > leave the hole for XenServer. > > > > These two patches seem OK to me--I think this is a better approach > > overall--but I think it would be nice to complete our conversation > > with Lorand in the thread for the patch he posted, and try to reach > > consensus, before we apply them. > > I also lean towards keeping the ports closed by default, but I'm pretty > sure there will be several users bitten by this. Perhaps we can add a > paragraph to INSTALL.RHEL and INSTALL.XenServer (and the FAQ?) about > some tunnel ports needing holes in the firewall, and how to "properly" > configure OVS so the necessary ports are opened automatically on system > and OVS restart (and closed on OVS stop). > Thanks, I think we are all on the same page then. I will send in a patch for the documentation update. > > -Lori >
_______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
