[Ovirt-devel] [PATCH node] Revert "remove libvirt port from default iptables configuration"
Mike Burns
mburns at redhat.com
Fri Jul 29 18:33:58 UTC 2011
NACK
Need the libvirt tls port open, not the 16509
Followup patch coming soon.
On Fri, 2011-07-29 at 08:46 -0400, Mike Burns wrote:
> This reverts commit 4846dac6be0fe18937b94ced5f4f692970b6d95c.
>
> It turns out that vdsm does use the libvirt external port for
> vm migration, so revert this patch
>
> rhbz#715296
>
> Signed-off-by: Mike Burns <mburns at redhat.com>
> ---
> recipe/ovirt16-post.ks | 4 ++++
> recipe/rhevh6-post.ks | 4 ++++
> 2 files changed, 8 insertions(+), 0 deletions(-)
>
> diff --git a/recipe/ovirt16-post.ks b/recipe/ovirt16-post.ks
> index 0229201..4c9ffd0 100644
> --- a/recipe/ovirt16-post.ks
> +++ b/recipe/ovirt16-post.ks
> @@ -98,6 +98,8 @@ cat > /etc/sysconfig/iptables << \EOF
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> +# libvirt
> +-A INPUT -p tcp --dport 16509 -j ACCEPT
> # libvirt-cim
> -A INPUT -p tcp --dport 5989 -j ACCEPT
> # SSH
> @@ -123,6 +125,8 @@ cat > /etc/sysconfig/ip6tables << \EOF
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p ipv6-icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> +# libvirt
> +-A INPUT -p tcp --dport 16509 -j ACCEPT
> # libvirt-cim
> -A INPUT -p tcp --dport 5989 -j ACCEPT
> # SSH
> diff --git a/recipe/rhevh6-post.ks b/recipe/rhevh6-post.ks
> index 8ca69cc..4ffb457 100644
> --- a/recipe/rhevh6-post.ks
> +++ b/recipe/rhevh6-post.ks
> @@ -166,6 +166,8 @@ cat > /etc/sysconfig/iptables << \EOF
> -A INPUT -i lo -j ACCEPT
> # vdsm
> -A INPUT -p tcp --dport 54321 -j ACCEPT
> +# libvirt
> +-A INPUT -p tcp --dport 16509 -j ACCEPT
> # libvirt-cim
> -A INPUT -p tcp --dport 5989 -j ACCEPT
> # SSH
> @@ -191,6 +193,8 @@ cat > /etc/sysconfig/ip6tables << \EOF
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p ipv6-icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> +# libvirt
> +-A INPUT -p tcp --dport 16509 -j ACCEPT
> # libvirt-cim
> -A INPUT -p tcp --dport 5989 -j ACCEPT
> # SSH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6117 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20110729/899b2a8c/attachment.bin>
More information about the ovirt-devel
mailing list