[ovs-dev] [PATCH 2/2] rhel: Remove the firewall hole that we create for gre.
Ben Pfaff
blp at nicira.com
Mon Apr 15 17:21:00 UTC 2013
On Mon, Apr 15, 2013 at 10:16:53AM -0700, Gurucharan Shetty wrote:
> On Mon, Apr 15, 2013 at 3:42 AM, Lori Jakab <lojakab at cisco.com> wrote:
>
> > On 04/13/2013 12:53 AM, Ben Pfaff wrote:
> > > On Fri, Apr 12, 2013 at 01:50:43PM -0700, Gurucharan Shetty wrote:
> > >> Till now, by default, we add firewall holes for
> > >> gre traffic. There may be users that do not use gre tunnels
> > >> and they may be surprised with this behavior.
> > >
> > > It would be nice to add a sentence or a paragraph mentioning why we
> > > leave the hole for XenServer.
> > >
> > > These two patches seem OK to me--I think this is a better approach
> > > overall--but I think it would be nice to complete our conversation
> > > with Lorand in the thread for the patch he posted, and try to reach
> > > consensus, before we apply them.
> >
> > I also lean towards keeping the ports closed by default, but I'm pretty
> > sure there will be several users bitten by this. Perhaps we can add a
> > paragraph to INSTALL.RHEL and INSTALL.XenServer (and the FAQ?) about
> > some tunnel ports needing holes in the firewall, and how to "properly"
> > configure OVS so the necessary ports are opened automatically on system
> > and OVS restart (and closed on OVS stop).
> >
>
> Thanks, I think we are all on the same page then. I will send in a patch
> for the documentation update.
Let's add an item to NEWS also.
Thanks,
Ben.