[Ovirt-devel] [PATCH node] Revert "remove libvirt port from default iptables configuration"
Mike Burns
mburns at redhat.com
Fri Jul 29 12:46:05 UTC 2011
This reverts commit 4846dac6be0fe18937b94ced5f4f692970b6d95c.
It turns out that vdsm does use the libvirt external port for
vm migration, so revert this patch
rhbz#715296
Signed-off-by: Mike Burns <mburns at redhat.com>
---
recipe/ovirt16-post.ks | 4 ++++
recipe/rhevh6-post.ks | 4 ++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/recipe/ovirt16-post.ks b/recipe/ovirt16-post.ks
index 0229201..4c9ffd0 100644
--- a/recipe/ovirt16-post.ks
+++ b/recipe/ovirt16-post.ks
@@ -98,6 +98,8 @@ cat > /etc/sysconfig/iptables << \EOF
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
+# libvirt
+-A INPUT -p tcp --dport 16509 -j ACCEPT
# libvirt-cim
-A INPUT -p tcp --dport 5989 -j ACCEPT
# SSH
@@ -123,6 +125,8 @@ cat > /etc/sysconfig/ip6tables << \EOF
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
+# libvirt
+-A INPUT -p tcp --dport 16509 -j ACCEPT
# libvirt-cim
-A INPUT -p tcp --dport 5989 -j ACCEPT
# SSH
diff --git a/recipe/rhevh6-post.ks b/recipe/rhevh6-post.ks
index 8ca69cc..4ffb457 100644
--- a/recipe/rhevh6-post.ks
+++ b/recipe/rhevh6-post.ks
@@ -166,6 +166,8 @@ cat > /etc/sysconfig/iptables << \EOF
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
+# libvirt
+-A INPUT -p tcp --dport 16509 -j ACCEPT
# libvirt-cim
-A INPUT -p tcp --dport 5989 -j ACCEPT
# SSH
@@ -191,6 +193,8 @@ cat > /etc/sysconfig/ip6tables << \EOF
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
+# libvirt
+-A INPUT -p tcp --dport 16509 -j ACCEPT
# libvirt-cim
-A INPUT -p tcp --dport 5989 -j ACCEPT
# SSH
--
1.7.4.4
More information about the ovirt-devel
mailing list