Comment 6 for bug 1287194

Nathan Kinder (nkinder) wrote :

I've made some slight changes to the last section of the "Recommended Actions" section of the OSSN draft. Specifically, I corrected an error in the ephemeral migration port range. I also added details on how to look up what ports are configured for libvirt remote access and live migration in case one is not using the defaults. Here is the new content:

-----------------------------------------------------------------------------
It is also recommended to configure the firewall on each OpenStack Compute node
to only allow other Compute nodes to access the ports that are used for remote
access to the libvirt daemon. By default, this is port 16514 for TLS, 16509
for unencrypted TCP, and an ephemeral port range of 49152-49215. You can check
what ports you have configured for the libvirt daemon by looking at the
following configuration directives:

  tls_port (libvirtd.conf)
  tcp_port (libvirtd.conf)
  migration_port_min (qemu.conf)
  migration_port_max (qemu.conf)

Please consult the documentation for your firewall software for instructions on
configuring the appropriate firewall rules.
-----------------------------------------------------------------------------
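
One way to carry out the lookup described in the draft text above, as an added example that is not part of the original comment or the OSSN: it reads the four directives and falls back to the stated defaults when a directive is absent or commented out. The /etc/libvirt paths and the function names conf_value and libvirt_ports are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the OSSN): report the effective libvirt ports.

# conf_value FILE KEY DEFAULT: last uncommented numeric "KEY = value" in FILE
# (quotes stripped), or DEFAULT when the file or directive is missing.
conf_value() {
    [ -r "$1" ] || { printf '%s\n' "$3"; return 0; }
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }            # commented-out directive: default applies
        {
            line = $0
            sub(/#.*/, "", line)       # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/[ \t]/, "", k)
            gsub(/[ \t"]/, "", v)      # tls_port and tcp_port values are quoted
            if (k == key && v ~ /^[0-9]+$/) found = v
        }
        END { print (found != "" ? found : def) }
    ' "$1"
}

# libvirt_ports [LIBVIRTD_CONF] [QEMU_CONF]
# Paths default to /etc/libvirt (assumed install location); port defaults are
# the ones given in the text above.
libvirt_ports() {
    lconf=${1:-/etc/libvirt/libvirtd.conf}
    qconf=${2:-/etc/libvirt/qemu.conf}
    printf 'tls=%s tcp=%s migration=%s-%s\n' \
        "$(conf_value "$lconf" tls_port 16514)" \
        "$(conf_value "$lconf" tcp_port 16509)" \
        "$(conf_value "$qconf" migration_port_min 49152)" \
        "$(conf_value "$qconf" migration_port_max 49215)"
}

# Constructed sample files: TLS port overridden, TCP left commented out,
# migration range moved.
demo_dir=$(mktemp -d)
printf '%s\n' '#tcp_port = "16509"' 'tls_port = "16600"  # site override' \
    > "$demo_dir/libvirtd.conf"
printf '%s\n' 'migration_port_min = 50000' 'migration_port_max = 50063' \
    > "$demo_dir/qemu.conf"
libvirt_ports "$demo_dir/libvirtd.conf" "$demo_dir/qemu.conf"
# → tls=16600 tcp=16509 migration=50000-50063
rm -rf "$demo_dir"
```

Run on a Compute node with no arguments, it reads the files under /etc/libvirt and prints the ports the firewall rules need to cover.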