On Mon, Apr 15, 2013 at 10:16:53AM -0700, Gurucharan Shetty wrote: > On Mon, Apr 15, 2013 at 3:42 AM, Lori Jakab <[email protected]> wrote: > > > On 04/13/2013 12:53 AM, Ben Pfaff wrote: > > > On Fri, Apr 12, 2013 at 01:50:43PM -0700, Gurucharan Shetty wrote: > > >> Till now, by default, we add firewall holes for > > >> gre traffic. There may be users that do not use gre tunnels > > >> and they may be surprised with this behavior. > > > > > > It would be nice to add a sentence or a paragraph mentioning why we > > > leave the hole for XenServer. > > > > > > These two patches seem OK to me--I think this is a better approach > > > overall--but I think it would be nice to complete our conversation > > > with Lorand in the thread for the patch he posted, and try to reach > > > consensus, before we apply them. > > > > I also lean towards keeping the ports closed by default, but I'm pretty > > sure there will be several users bitten by this. Perhaps we can add a > > paragraph to INSTALL.RHEL and INSTALL.XenServer (and the FAQ?) about > > some tunnel ports needing holes in the firewall, and how to "properly" > > configure OVS so the necessary ports are opened automatically on system > > and OVS restart (and closed on OVS stop). > > > > Thanks, I think we are all on the same page then. I will send in a patch > for the > documentation update.
Let's add an item to NEWS also. Thanks, Ben. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
