Juan Hernandez has posted comments on this change.

Change subject: packaging: use default INPUT chain
......................................................................

Patch Set 1: Looks good to me, but someone else must approve

(2 inline comments)

....................................................
File packaging/fedora/setup/engine-setup.py
Line 915:
Line 916:     for portCfg in ports:
Line 917:         for protocol in portCfg["protocol"]:
Line 918:             lines.append(
Line 919:                 "-A INPUT -p %s -m state --state NEW -m %s --dport %s -j ACCEPT" % (
Why are you making the "--match tcp" explicit? Did you find any problem with that? It is ok by me, but I would appreciate if you comment it.

Line 920:                     protocol,
Line 921:                     protocol,
Line 922:                     portCfg["port"]
Line 923:                 )

....................................................
File packaging/fedora/setup/iptables.default
Line 6: :OUTPUT ACCEPT [52:9697]
Line 7: -A INPUT -i lo -j ACCEPT
Line 8: -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
Line 9: -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Line 10: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Shorter, simpler, better!

Line 11: @CUSTOM_RULES@
Line 12: #drop all rule
Line 13: -A INPUT -j REJECT --reject-with icmp-host-prohibited

--
To view, visit http://gerrit.ovirt.org/8377
Gerrit-MessageType: comment
Gerrit-Change-Id: I8cfbabc31c964c9ff2374e32e1c65d3611f0883c
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Alex Lourie <alou...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Moran Goldboim <mgold...@redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschr...@redhat.com>