
Document firewall configuration with firewalld, nftables and list open ports by default

Open bgilbert opened this issue 4 years ago • 4 comments

This is something that people will want to do.

We don't ship firewalld. We should document systemd units or config files that should be used to set up rules.

Feb 10 '21 17:02 bgilbert

I assume we should emphasize nftables rather than legacy iptables?

Feb 10 '21 19:02 bgilbert

I commented showing how I got nftables and iptables to work. I'm more than willing to fork this repository, update it, and do a pull request if what I posted is the correct way.

Apr 14 '21 17:04 magnusviri

@magnusviri Your Butane config looks like a good start. Would you like to make a PR for a doc page with that example? Thanks!

Aug 25 '21 09:08 travier

Related to https://github.com/coreos/fedora-coreos-tracker/issues/1747, we decided that we should document:

  • how to set up firewalld either via layering or via a container
  • how to set up static nftables/iptables rules
  • what ports and services are running / listening on the network by default in Fedora CoreOS
  • why the default container networking model using network namespaces reduces the need for a firewall on Fedora CoreOS
  • what can be done with cloud firewalls on some platforms

Jul 10 '24 17:07 travier