Sandro Bonazzola has posted comments on this change. Change subject: packaging: setup: update firewall for all services ......................................................................
Patch Set 3: Code-Review+1 Patch Set 2: >> if iptables is used and user added his own customization he will lose it. >> He'll lose it anyway, even without this change. We overwrite iptables on >> upgrade. > if that's true this is bad! and should be fixed. I agree, but fixing iptables should be done in another patch. With firewalld this patch do the right thing, ensuring that if during upgrade or setup after restore the user enables websocket proxy the firewall opens the right ports. With iptables we should drop the current implementation processing a template for using iptables command and add/remove only the rules we need on setup and cleanup and use iptables-save for saving the result. -- To view, visit http://gerrit.ovirt.org/20737 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: If3c1a634b2e8539ebd604205b5487290c8d8a1a9 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yedidyah Bar David <d...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Ofer Schreiber <oschr...@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com> Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
