
[Ovirt-devel] [PATCH]: Don't reject FORWARD chain on the managed node



    Duh.  We can't reject everything on the FORWARD chain, since we are basically
    forwarding all packets through from the guests.  Remove the rule from the
    chain completely; we might be able to do better later, but at least things
    work this way.
    
    Signed-off-by: Chris Lalancette <clalance redhat com>

diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks
index 37e2f43..a91a0c1 100644
--- a/ovirt-host-creator/common-post.ks
+++ b/ovirt-host-creator/common-post.ks
@@ -31,7 +31,6 @@ cat > /etc/sysconfig/iptables << \EOF
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp --dport 49152 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
 EOF
 
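Review bot: Dropping `-A FORWARD -j REJECT --reject-with icmp-host-prohibited` outright leaves the FORWARD chain with no rule in the visible part of this ruleset, so every forwarded packet is decided by the chain's default policy, which this hunk does not show. If that policy is ACCEPT, the managed node will forward any traffic, not only guest traffic. Consider keeping the REJECT as the last FORWARD rule and placing a narrower accept ahead of it. If the guests sit on a bridge (an assumption, the hunk does not say), something like `-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT` would do. If the open chain is kept as an interim fix, a comment in common-post.ks next to the heredoc should record why FORWARD is unfiltered, so the "do better later" in the commit message is not lost.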

