[ovs-dev] [PATCH] rhel, xenserver: Punch holes through firewall for LISP

Gurucharan Shetty shettyg at nicira.com
Fri Apr 12 21:20:34 UTC 2013


On Wed, Apr 10, 2013 at 7:50 PM, Lorand Jakab <lojakab at cisco.com> wrote:

>
> Signed-off-by: Lorand Jakab <lojakab at cisco.com>
>

It looks to me that for end users that do not plan to use any tunnels or
only selected tunnels, adding firewall rules that punch holes by default for
all the tunnels in OVS may not be a good idea.

I sent 2 patches. One of them reverts my change for vxlan. The other
removes the gre firewall hole for rhel.
I am leaving the gre firewall hole for xenserver as-is because xenserver
needs that for a different reason.

Ref:
http://openvswitch.org/pipermail/dev/2013-April/026597.html
http://openvswitch.org/pipermail/dev/2013-April/026596.html

Thanks,
Guru




> ---
>  rhel/etc_init.d_openvswitch      | 1 +
>  xenserver/etc_init.d_openvswitch | 1 +
>  2 files changed, 2 insertions(+)
>
> diff --git a/rhel/etc_init.d_openvswitch b/rhel/etc_init.d_openvswitch
> index 3d79b6a..57c2afe 100755
> --- a/rhel/etc_init.d_openvswitch
> +++ b/rhel/etc_init.d_openvswitch
> @@ -50,6 +50,7 @@ start () {
>
>      ovs_ctl --protocol=gre enable-protocol
>      ovs_ctl --protocol=udp --dport=8472 enable-protocol
> +    ovs_ctl --protocol=udp --dport=4341 enable-protocol
>
>      touch /var/lock/subsys/openvswitch
>  }
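Review bot: The new `ovs_ctl --protocol=udp --dport=4341 enable-protocol` line in start() runs unconditionally, so every RHEL host that starts the service accepts inbound UDP 4341 whether or not a LISP tunnel is configured. Consider gating the call on a LISP port actually existing in the database, or on an opt-in setting in the init script's configuration, so that hosts without LISP keep the port closed. The same applies to the existing gre and 8472 lines in the context above, which this hunk extends rather than revisits.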
> diff --git a/xenserver/etc_init.d_openvswitch
> b/xenserver/etc_init.d_openvswitch
> index 6e94b92..80dd188 100755
> --- a/xenserver/etc_init.d_openvswitch
> +++ b/xenserver/etc_init.d_openvswitch
> @@ -83,6 +83,7 @@ start () {
>
>      ovs_ctl --protocol=gre enable-protocol
>      ovs_ctl --protocol=udp --dport=8472 enable-protocol
> +    ovs_ctl --protocol=udp --dport=4341 enable-protocol
>
>      touch /var/lock/subsys/openvswitch
>  }
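Review bot: Missing documentation on the added line in the xenserver start(): 4341 appears as a bare literal with no comment saying it is the LISP port, and the same literal is duplicated in rhel/etc_init.d_openvswitch. A one-line comment above each enable-protocol call naming the tunnel type it serves would let an administrator auditing the firewall see why each hole exists. The commit message also carries only a Signed-off-by, so a sentence of rationale there would help.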
> --
> 1.8.1.5
>