[Ovirt-devel] [PATCH server] finally enabling iptables support

Joey Boggs jboggs at redhat.com
Tue Feb 17 21:46:10 UTC 2009


---
 .../appliances/ovirt-appliance/ovirt-appliance.pp  |    3 ++-
 installer/bin/ovirt-installer                      |    4 +++-
 installer/modules/ovirt/manifests/cobbler.pp       |    5 ++---
 installer/modules/ovirt/manifests/dhcp.pp          |    4 ++++
 installer/modules/ovirt/manifests/dns.pp           |    4 ++++
 installer/modules/ovirt/manifests/freeipa.pp       |    8 ++++++--
 installer/modules/ovirt/manifests/ovirt.pp         |    7 ++++++-
 7 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
index 88581ca..125edf9 100644
--- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp
+++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp
@@ -2,7 +2,8 @@
 import 'ovirt'
 import 'firewall'
 
-firewall::setup{'setup': status => 'disabled'}
+firewall::setup{'setup': status => 'enabled'}
+firewall_rule{"ssh": destination_port => "22"}
 
 # dns configuration
 $mgmt_ipaddr = '192.168.50.2'
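Review bot: The added `ssh` rule admits port 22 with no visible source or interface restriction, and it is the only rule in this patch declared outside the ovirt module classes. A comment would record the intent, e.g. `# keep ssh reachable once the firewall is enabled; service ports are opened by the ovirt module classes`. The same two statements are repeated in the template in installer/bin/ovirt-installer, so the point applies there as well, and the two copies have to be kept in sync by hand. Whether firewall_rule can limit a rule to the management network cannot be told from this patch, since its definition is not shown.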
diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
index 222c57b..90e5018 100755
--- a/installer/bin/ovirt-installer
+++ b/installer/bin/ovirt-installer
@@ -222,9 +222,11 @@ template = <<END_OF_TEMPLATE
 import 'ovirt'
 import 'firewall'
 firewall::setup{'setup':
-    status => 'disabled'
+    status => 'enabled'
 }
 
+firewall_rule{"ssh": destination_port => "22"}
+
 #DNS Configuration
 $mgmt_ipaddr = '<%= mgmt_ipaddr %>'
 $prov_ipaddr = '<%= prov_ipaddr %>'
diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp
index c2f66ca..3ffe205 100644
--- a/installer/modules/ovirt/manifests/cobbler.pp
+++ b/installer/modules/ovirt/manifests/cobbler.pp
@@ -108,9 +108,8 @@ class cobbler::bundled {
         require => Package["cobbler"]
     }
 
-#       firewall_rule{"69": destination_port => "69"}
-#	firewall_rule{"25150": destination_port => "25150"}
-#	firewall_rule{"25151": destination_port => "25151"}
+	firewall_rule{"25150": destination_port => "25150"}
+	firewall_rule{"25151": destination_port => "25151"}
 
       file {"/usr/sbin/cobbler-import":
               source => "puppet:///ovirt/cobbler-import",
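Review bot: The rule for 25151 opens what is presumably cobblerd's XML-RPC port (cobbler's default), which remote clients normally reach through the web server rather than directly. Unless another host connects to it directly, leaving it closed keeps the management API off the network. The commented-out rule for port 69 is dropped here and reappears as `tftp` in dhcp::bundled, so a host that applies cobbler::bundled without dhcp::bundled would have TFTP blocked. If 25150 is cobbler's syslog listener, confirm whether it needs `protocol => 'udp'` like the UDP rules elsewhere in this patch. The class body starts before and continues after the hunk.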
diff --git a/installer/modules/ovirt/manifests/dhcp.pp b/installer/modules/ovirt/manifests/dhcp.pp
index c5c8f9a..8127646 100644
--- a/installer/modules/ovirt/manifests/dhcp.pp
+++ b/installer/modules/ovirt/manifests/dhcp.pp
@@ -31,4 +31,8 @@ class dhcp::bundled {
                 command => "/usr/share/ace/modules/ovirt/files/dns_entries.sh $dhcp_start $dhcp_stop $dhcp_network $dhcp_domain",
 	}
 
+        firewall_rule {"tftp": destination_port => '69', protocol => 'udp'}
+        firewall_rule {"dhcpd": destination_port => '68', protocol => 'udp'}
+        firewall_rule {"bootp": destination_port => '67', protocol => 'udp'}
+
 }
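Review bot: The rule titled `dhcpd` opens UDP 68, which is the DHCP client port; a DHCP server receives on UDP 67, so the rule titled `bootp` is the one that actually covers dhcpd. Inbound 68 is only needed if this host is itself a DHCP client, so I would drop that rule and name the remaining one for the service: `firewall_rule {"dhcpd": destination_port => '67', protocol => 'udp'}`. If the 68 rule is intentional, a one-line comment saying why would prevent it being read as a mistake. The class begins outside the hunk.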
diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp
index 7498f77..98d9942 100644
--- a/installer/modules/ovirt/manifests/dns.pp
+++ b/installer/modules/ovirt/manifests/dns.pp
@@ -82,6 +82,10 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="")
 	        "set HOSTNAME $ipa_host"
         ]
     }
+
+        firewall_rule {"named": destination_port => '53'}
+        firewall_rule {"named-udp": destination_port => '53', protocol => 'udp'}
+
 }
 
 define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") {
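Review bot: Both DNS rules accept port 53 from any source, although dns::bundled already receives `$mgmt_dev` and `$prov_dev`. If firewall_rule supports an interface or source restriction (its definition is not shown), scoping the rules to those two networks would keep named from answering queries on any other interface. Otherwise, confirm that the named configuration limits recursion to the managed networks. Separately, dns::bundled is a define, and the fixed titles `named` and `named-udp` would collide as duplicate resources if it were ever instantiated twice. Only the tail of the define's body is visible in this hunk.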
diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp
index f639d46..ea92ee5 100644
--- a/installer/modules/ovirt/manifests/freeipa.pp
+++ b/installer/modules/ovirt/manifests/freeipa.pp
@@ -89,8 +89,12 @@ class freeipa::bundled{
                 require => Single_exec[ipa_ovirtadmin_group]
         }
 
-#	firewall_rule{"krb5": destination_port => "88"}
-#	firewall_rule {"ldap": destination_port => '389'}
+       firewall_rule{"krb5": destination_port => "88"}
+       firewall_rule {"ldap": destination_port => '389'}
+       firewall_rule {"freeip-636": destination_port => '636'}
+       firewall_rule {"freeipa-464": destination_port => '464'}
+       firewall_rule {"freeipa-88-udp": destination_port => '88', protocol => 'udp'}
+       firewall_rule {"freeipa-464-udp": destination_port => '464', protocol => 'udp'} 
 
 }
 
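Review bot: The title `freeip-636` is misspelled relative to its `freeipa-464` siblings. A resource title is what other manifests use to reference the rule, so it is worth correcting now: `firewall_rule {"freeipa-636": destination_port => '636'}`. The titles mix service names (`krb5`, `ldap`) with port-number names; service names throughout, such as ldaps and kpasswd for 636 and 464, would be easier to audit. Port 389 is opened alongside 636, and a short comment saying which clients still need cleartext LDAP would help a later review. The last added line also carries trailing whitespace.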
diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index c81b6f2..9bc1dce 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -175,6 +175,11 @@ class ovirt::setup {
                 enable => false
     }
 
-#	firewall_rule{"http": destination_port => "80"}
+        firewall_rule{"http": destination_port => "80"}
+        firewall_rule {"https": destination_port => '443'}
+        firewall_rule {"host-browser": destination_port => '12120'}
+        firewall_rule {"qpidd": destination_port => '5672'}
+        firewall_rule {"collectd": destination_port => '25826', protocol => 'udp'}
+        firewall_rule {"ntpd": destination_port => '123', protocol => 'udp'}
 
 }
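Review bot: The `qpidd` (5672) and `collectd` (25826/udp) rules accept traffic from any source. Both services are commonly deployed without transport encryption, and collectd's network input is often unauthenticated, so with these rules the firewall no longer protects them. Their configuration is not visible here; confirm that authentication is enabled, or restrict the rules to the managed node network if firewall_rule allows it. A comment per rule naming the component that needs the port, especially `host-browser` on 12120, would make the list reviewable, e.g. `# 12120: node identification (ovirt host-browser)`. Port 80 is opened together with 443, and it is worth stating whether HTTP is only there to redirect. The class begins outside the hunk.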
-- 
1.6.0.6



