
Added instructions for firewalld

Open cragr opened this issue 6 years ago • 5 comments

Proposed changes

Added firewalld instructions on the installation pages. Also specified "infra nodes" in the plural, for the event that multiple routers are run.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • [x] I have read the CONTRIBUTING guide
  • [x] I have proven my fix is effective or that my feature works
  • [x] I have updated necessary documentation
  • [x] I have rebased my branch onto master
  • [x] I will ensure my PR is targeting the master branch and pulling from my branch on my own fork

cragr avatar Feb 16 '19 22:02 cragr

Your suggestions are on target and have been implemented.

cragr avatar Feb 18 '19 14:02 cragr

@CountPickering Thanks for implementing those suggestions!

Additionally, because port 1936 is not used for regular traffic like ports 80 and 443, but rather for admin traffic, is it possible to extend the firewall-cmd instruction to include the source range, similarly to the existing iptables command?

Regarding the comment above, can this be addressed?

If there are no simple firewall-cmd commands for this case, then it makes sense to put a note right after the command. Something like below:

Note: For simplicity, the firewall-cmd commands listed above do not configure the source IP range of the allowed traffic. It is recommended that you configure the source IP range to protect the [stub status page|dashboard] similarly to the iptables command.

pleshakov avatar Feb 18 '19 18:02 pleshakov

I would add the note as you suggested. With firewalld you can define a range but it requires the setup of a zone. The OpenShift 3.11 installer uses the public zone by default.

cragr avatar Feb 18 '19 22:02 cragr

@CountPickering that sounds good! thx

pleshakov avatar Feb 19 '19 10:02 pleshakov

Just a note, this could be further expanded by demonstrating the command

$ sudo firewall-cmd --permanent --zone=public \
 --add-rich-rule='rule family="ipv4" \
 source address="1.2.3.4/32" \
 port protocol="tcp" \
 port="1936" accept'
$ sudo firewall-cmd --reload

magicalyak avatar May 07 '19 11:05 magicalyak
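The thread settles on a rich rule that admits port 1936 only from an admin source range. The script below is an added example, not code from the nginx-openshift-router repository or from any participant: it validates the admin CIDRs, emits the rich rules for each of them, opens 80 and 443 unconditionally, and removes any plain `--add-port=1936/tcp` entry first, because an unconditional port rule would admit everyone and make the source-restricted rich rules meaningless. The zone name `public` follows the thread's note about the OpenShift 3.11 installer default; `DRY_RUN`, `ADMIN_RANGES` and the function names are assumptions of this example. With `DRY_RUN=1` (the default) it only prints the `firewall-cmd` invocations, so it runs on a host without firewalld.

```shell
#!/bin/sh
# Added example (not from the nginx-openshift-router project): expose the
# router stats port (1936) only to named admin source ranges via firewalld
# rich rules, and keep 80/443 open to everyone.
# DRY_RUN=1 (default) prints the firewall-cmd invocations instead of running them.
set -eu

STATS_PORT=1936              # stub status / dashboard port discussed in the PR
ZONE="${ZONE:-public}"       # OpenShift 3.11 installer default zone (per the thread)
DRY_RUN="${DRY_RUN:-1}"      # assumed knob for this example

# Accept only a well-formed IPv4 CIDR such as 10.0.0.0/8; anything else fails.
# Runs in a subshell so changing IFS and the positional parameters stays local.
valid_ipv4_cidr() (
  cidr=$1
  case "$cidr" in */*) ;; *) exit 1 ;; esac
  prefix=${cidr#*/}
  case "$prefix" in ''|*[!0-9]*) exit 1 ;; esac
  [ "$prefix" -le 32 ] || exit 1
  IFS=.
  set -- ${cidr%/*}            # split the address part into its octets
  [ $# -eq 4 ] || exit 1
  for octet; do
    case "$octet" in ''|*[!0-9]*) exit 1 ;; esac
    [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

# Rich rule that admits TCP $STATS_PORT only from one source range.
stats_rich_rule() {
  valid_ipv4_cidr "$1" || { printf 'invalid IPv4 CIDR: %s\n' "$1" >&2; return 1; }
  printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' \
    "$1" "$STATS_PORT"
}

# Run firewall-cmd, or in dry-run mode print the exact invocation, one argument
# per single-quoted word so the rich rule (which contains spaces) copies cleanly.
fw() {
  if [ "$DRY_RUN" = 1 ]; then
    printf 'firewall-cmd'
    for arg; do printf " '%s'" "$arg"; done
    printf '\n'
  else
    firewall-cmd "$@"
  fi
}

# Apply the policy: regular traffic open to all, stats port only from the
# admin ranges given as arguments.
apply_rules() {
  for cidr; do
    valid_ipv4_cidr "$cidr" || { printf 'invalid IPv4 CIDR: %s\n' "$cidr" >&2; return 1; }
  done
  fw --permanent --zone="$ZONE" --add-port=80/tcp
  fw --permanent --zone="$ZONE" --add-port=443/tcp
  # The weak configuration would be: --add-port=1936/tcp. If such an entry
  # exists, the source restriction below never takes effect, so drop it.
  if fw --permanent --zone="$ZONE" --query-port="$STATS_PORT/tcp" >/dev/null; then
    fw --permanent --zone="$ZONE" --remove-port="$STATS_PORT/tcp"
  fi
  for cidr; do
    fw --permanent --zone="$ZONE" --add-rich-rule="$(stats_rich_rule "$cidr")"
  done
  fw --reload
}

# Stand-alone use: ./router-fw.sh 10.0.0.0/8 192.0.2.0/24   (DRY_RUN=0 to apply)
if [ $# -gt 0 ]; then
  apply_rules "$@"
fi
```

After applying for real, `firewall-cmd --zone=public --list-rich-rules` should show one rule per admin range and `firewall-cmd --zone=public --list-ports` should not contain `1936/tcp`.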