Feature #863: Remove networking hooks from oned.conf

2025-03-20 10:50:08 +03:00 · 2011-11-15 07:30:53 -08:00 · 2011-11-15 07:30:53 -08:00 · 9d50b437c6
commit 9d50b437c6
parent 87f0993904
1 changed files with 0 additions and 130 deletions
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@ -405,136 +405,6 @@ HM_MAD = [
 #   arguments = "$VMID" ]
 #-------------------------------------------------------------------------------

-#*******************************************************************************
-# Networking Hooks
-#*******************************************************************************
-# The following network hooks can be activated in order to manage network
-# isolation and firewalls.
-#*******************************************************************************
-#-------------------------------------------------------------------------------
-# Firewall
-#-------------------------------------------------------------------------------
-#
-# Firewalling rules activated in the physical host executing the VM. Can be used
-# to filter TCP and UDP ports, and to define a policy for ICMP connections. To
-# use it specify under the NIC section of the VM one or more of the following
-# attributes:
-#
-# - WHITE_PORTS_TCP = iptables_range
-#   Permits access to the VM only through the specified ports in the TCP
-#   protocol. Supersedes BLACK_PORTS_TCP if defined.
-#
-# - BLACK_PORTS_TCP = iptables_range
-#   Doesn't permit access to the VM through the specified ports in the TCP
-#   protocol. Superseded by WHITE_PORTS_TCP if defined.
-#
-# - WHITE_PORTS_UDP = iptables_range
-#   Permits access to the VM only through the specified ports in the UDP
-#   protocol. Supersedes BLACK_PORTS_UDP if defined.
-#
-# - BLACK_PORTS_UDP = iptables_range
-#   Doesn't permit access to the VM through the specified ports in the UDP
-#   protocol. Superseded by WHITE_PORTS_UDP if defined.
-#
-# - ICMP = no | drop
-#   Blocks ICMP connections to the VM. By default it's enabled.
-#
-# This hook requires  the sudoers file to be configured so oneadmin can execute
-# iptables without a password.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-#     name      = "firewall-on",
-#     on        = "RUNNING",
-#     command   = "vnm/firewall",
-#     arguments = "on $TEMPLATE",
-#     remote    = "yes" ]
-#
-# VM_HOOK = [
-#     name      = "firewall-off",
-#     on        = "DONE",
-#     command   = "vnm/firewall",
-#     arguments = "off $TEMPLATE",
-#     remote    = "yes" ]
-#-------------------------------------------------------------------------------
-# Host-managed VLANs
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through host-managed vlans. This hook will create a
-# bridge for each OpenNebula virtual network and attach a tagged network
-# interface to the bridge.
-#
-# For this hook to be effective you need to specify the attribute PHYDEV in your
-# VNET template, which should contain the name of the physical network interface
-# each VM should be attached to. If BRIDGE is not defined it will be
-# automatically generated.
-#
-# In order to use this hook you need to:
-# - load module 8021q
-# - install vconfig
-# - configure passwordless sudo in the worker nodes for oneadmin for these
-#   commands: brctl, ip, vconfig.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-#     name      = "hm-vlan",
-#     on        = "PROLOG",
-#     command   = "vnm/hm-vlan",
-#     arguments = "$TEMPLATE",
-#     remote    = "yes" ]
-#
-#-------------------------------------------------------------------------------
-# Ebtables Network Isolation
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through ebtables rules applied on the bridges. This
-# method will only permit isolation with a mask of 255.255.255.0.
-#
-# This hook requires the sudoers file to be configured so oneadmin can execute
-# ebtables without a password, and the ebtables package to be installed.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-#     name      = "ebtables-vlan-on",
-#     on        = "RUNNING",
-#     command   = "vnm/ebtables-vlan",
-#     arguments = "on $TEMPLATE",
-#     remote    = "yes" ]
-#
-# VM_HOOK = [
-#     name      = "ebtables-vlan-off",
-#     on        = "DONE",
-#     command   = "vnm/ebtables-vlan",
-#     arguments = "off $TEMPLATE",
-#     remote    = "yes" ]
-#
-#-------------------------------------------------------------------------------
-# Open vSwitch Network Isolation
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through Open vSwitch. Each virtual network
-# interface will receive an VLAN tag enabling network isolation.
-#
-# This hook requires Open vSwitch to be installed along with the Open vSwitch
-# compatibility layer for Linux bridging, on each worker node.
-# See http://openvswitch.org/ for more information.
-#
-# Passwordless sudo permissions for oneadmin to execute ovs_vsctl.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-#     name      = "openvswitch-vlan",
-#     on        = "RUNNING",
-#     command   = "vnm/openvswitch-vlan",
-#     arguments = "$TEMPLATE",
-#     remote    = "yes" ]
-#
-#-------------------------------------------------------------------------------
-
 #*******************************************************************************
 # Auth Manager Configuration
 #*******************************************************************************