How to modify firewall rules? · Issue #467 · coreos/fedora-coreos-tracker · GitHub
How to modify firewall rules? #467
@summatix

By default it seems like Fedora CoreOS leaves all ports open. I’m trying to modify this behavior by adding some firewall rules. I can’t find any documentation on this topic but my assumption is that FCOS is using iptables.

In Container Linux you could add firewall rules via the /var/lib/iptables/rules-save file. That doesn't seem to be the case for FCOS, and I can't find out where else to do it.

Whenever I edit /etc/sysconfig/iptables using Ignition, FCOS is unable to complete booting. It doesn’t matter what the contents of the file are. Instead it goes into emergency mode. For example, if I add this to Ignition, it'll fail to boot:

storage:
  files:
    - path: /etc/sysconfig/iptables
      mode: 0600
      contents:
        inline: |
          *filter
          :INPUT ACCEPT [0:0]
          :FORWARD ACCEPT [0:0]
          :OUTPUT ACCEPT [0:0]
          COMMIT

Editing iptables manually after booting doesn’t seem to be an issue; it's only an issue if I write to that file via Ignition.

What’s the correct way to update firewall rules for Fedora CoreOS?
