> From: "Giuseppe Ragusa" <[email protected]> > To: "Yedidyah Bar David" <[email protected]> > Cc: "[email protected]" <[email protected]> > Sent: Tuesday, March 25, 2014 11:49:36 PM > Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
> Hi Didi, > many thanks for your invaluable help! > I'll try your suggestion > (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I > will report back. > By the way: I have a really custom iptables setup (multiple separated > networks on hypervisor hosts), so I suppose it's best to hand tune firewall > rules and then leave them alone (I pre-configure them, so the setup > procedure won't be impeded in its communication needs anyway AND I will > always guarantee the most stringent filtering possible with default deny > ecc.). I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-) In hosted-engine we do not support that, it's always set - ' override_iptables=True ' in [1]. You can open a bug if you want, to make this configurable. It might make sense to use the value input in the question about iptables, but these are different issues. [1] http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py -- Didi
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
