Description of problem: `hosted-engine --deploy` supports iptables detection and configuration. Since Fedora 18 and RHEL 7, FirewallD is the preferred front-end to iptables. The old iptables-save files are no longer used and manually running iptables commands is dangerous. Version-Release number of selected component (if applicable): 3.4 How reproducible: Always Steps to Reproduce: 1. Run `hosted-engine --deploy` 2. It will offer to configure iptables but won't use FirewallD. Expected results: FirewallD is a great iptables front-end that is now the default on all new Red Hat Linux products (Fedora, RHEL, and CentOS). It needs to be supported. Fallback to iptables is acceptable, but there needs to be an effort to look for FirewallD on the DBus system bus. Additional info: The good news is that I have already written 75% of the code for FreeIPA to have FirewallD configuration support with iptables fall-back. The code can mostly be used without modification in oVirt to make things easier.
*** This bug has been marked as a duplicate of bug 1075687 ***
(In reply to justin.brown1.1 from comment #0) > The good news is that I have already written 75% of the code for FreeIPA to > have FirewallD configuration support with iptables fall-back. The code can > mostly be used without modification in oVirt to make things easier. That's a good news. See also bug #995362. We can't add support for firewalld to hosted engine until engine support it.