diff --git a/share/etc/oned.conf b/share/etc/oned.conf
index 630303e906..3c4f9f629f 100644
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@@ -405,136 +405,6 @@ HM_MAD = [
 # arguments = "$VMID" ]
 #-------------------------------------------------------------------------------
-#*******************************************************************************
-# Networking Hooks
-#*******************************************************************************
-# The following network hooks can be activated in order to manage network
-# isolation and firewalls.
-#*******************************************************************************
-#-------------------------------------------------------------------------------
-# Firewall
-#-------------------------------------------------------------------------------
-#
-# Firewalling rules activated in the physical host executing the VM. Can be used
-# to filter TCP and UDP ports, and to define a policy for ICMP connections. To
-# use it specify under the NIC section of the VM one or more of the following
-# attributes:
-#
-# - WHITE_PORTS_TCP = iptables_range
-# Permits access to the VM only through the specified ports in the TCP
-# protocol. Supersedes BLACK_PORTS_TCP if defined.
-#
-# - BLACK_PORTS_TCP = iptables_range
-# Doesn't permit access to the VM through the specified ports in the TCP
-# protocol. Superseded by WHITE_PORTS_TCP if defined.
-#
-# - WHITE_PORTS_UDP = iptables_range
-# Permits access to the VM only through the specified ports in the UDP
-# protocol. Supersedes BLACK_PORTS_UDP if defined.
-#
-# - BLACK_PORTS_UDP = iptables_range
-# Doesn't permit access to the VM through the specified ports in the UDP
-# protocol. Superseded by WHITE_PORTS_UDP if defined.
-#
-# - ICMP = no | drop
-# Blocks ICMP connections to the VM. By default it's enabled.
-#
-# This hook requires the sudoers file to be configured so oneadmin can execute
-# iptables without a password.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-# name = "firewall-on",
-# on = "RUNNING",
-# command = "vnm/firewall",
-# arguments = "on $TEMPLATE",
-# remote = "yes" ]
-#
-# VM_HOOK = [
-# name = "firewall-off",
-# on = "DONE",
-# command = "vnm/firewall",
-# arguments = "off $TEMPLATE",
-# remote = "yes" ]
-#-------------------------------------------------------------------------------
-# Host-managed VLANs
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through host-managed vlans. This hook will create a
-# bridge for each OpenNebula virtual network and attach a tagged network
-# interface to the bridge.
-#
-# For this hook to be effective you need to specify the attribute PHYDEV in your
-# VNET template, which should contain the name of the physical network interface
-# each VM should be attached to. If BRIDGE is not defined it will be
-# automatically generated.
-#
-# In order to use this hook you need to:
-# - load module 8021q
-# - install vconfig
-# - configure passwordless sudo in the worker nodes for oneadmin for these
-# commands: brctl, ip, vconfig.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-# name = "hm-vlan",
-# on = "PROLOG",
-# command = "vnm/hm-vlan",
-# arguments = "$TEMPLATE",
-# remote = "yes" ]
-#
-#-------------------------------------------------------------------------------
-# Ebtables Network Isolation
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through ebtables rules applied on the bridges. This
-# method will only permit isolation with a mask of 255.255.255.0.
-#
-# This hook requires the sudoers file to be configured so oneadmin can execute
-# ebtables without a password, and the ebtables package to be installed.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-# name = "ebtables-vlan-on",
-# on = "RUNNING",
-# command = "vnm/ebtables-vlan",
-# arguments = "on $TEMPLATE",
-# remote = "yes" ]
-#
-# VM_HOOK = [
-# name = "ebtables-vlan-off",
-# on = "DONE",
-# command = "vnm/ebtables-vlan",
-# arguments = "off $TEMPLATE",
-# remote = "yes" ]
-#
-#-------------------------------------------------------------------------------
-# Open vSwitch Network Isolation
-#-------------------------------------------------------------------------------
-#
-# Network isolation provided through Open vSwitch. Each virtual network
-# interface will receive an VLAN tag enabling network isolation.
-#
-# This hook requires Open vSwitch to be installed along with the Open vSwitch
-# compatibility layer for Linux bridging, on each worker node.
-# See http://openvswitch.org/ for more information.
-#
-# Passwordless sudo permissions for oneadmin to execute ovs_vsctl.
-#
-#-------------------------------------------------------------------------------
-#
-# VM_HOOK = [
-# name = "openvswitch-vlan",
-# on = "RUNNING",
-# command = "vnm/openvswitch-vlan",
-# arguments = "$TEMPLATE",
-# remote = "yes" ]
-#
-#-------------------------------------------------------------------------------
-
 #*******************************************************************************
 # Auth Manager Configuration
 #*******************************************************************************