28 lines
1014 B
Markdown
---
type: task
---

The host's firewall should be auto-configured, by default, to allow all incoming
traffic for a network's CIDR. For Linux this will (probably) mean making
(system?) calls to iptables.

- There must be a mechanism for the user to disable this behavior if they want,
  likely just as part of the `daemon.yml` and not the CLI for the MVP.

- The operator "Configuring Firewall" documentation must be updated.

- A network's Shutdown method should clear out all the rules it enabled.

- On startup the network needs to properly handle rules already being present,
  either because the user added them manually earlier or because there was a
  previous unclean shutdown.

- Check whether the systemd service file needs any updates with respect to
  capabilities or `After` directives.

- Keep in mind that IPv6 overlay networks will need to be supported in the
  future, so ip6tables needs to be investigated.

- Make sure that using alternative firewalls, like ufw, works as expected. Also,
  how does nftables fit in here?
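As an added example (not code from this task or the project it belongs to), a minimal Python sketch of the startup and shutdown rule handling the bullets above describe: one match spec shared by the iptables `-C`/`-A`/`-D` operations, a startup path that checks before appending so rules left by a manual add or an unclean shutdown are not duplicated, a shutdown path that deletes until the check reports the rule absent, and an ip6tables switch chosen by address family. The comment tag, the function names and the in-memory fake firewall are assumptions made for the example; ufw and nftables interplay is left open, as in the task.

```python
import ipaddress
import subprocess
from typing import Callable, List

# Hypothetical tag (not from the project) marking the rules the daemon created.
RULE_COMMENT = "overlay-net-auto"

def tool_for(cidr: str) -> str:
    """IPv4 networks use iptables, IPv6 overlay networks ip6tables."""
    return "ip6tables" if ipaddress.ip_network(cidr, strict=False).version == 6 else "iptables"

def rule_spec(cidr: str) -> List[str]:
    """Match spec shared by -C (check), -A (append) and -D (delete)."""
    return ["INPUT", "-s", cidr, "-j", "ACCEPT", "-m", "comment", "--comment", RULE_COMMENT]

def run_real(argv: List[str]) -> int:
    """Run the real tool (needs CAP_NET_ADMIN, hence the systemd service check)."""
    return subprocess.run(argv, capture_output=True).returncode

def ensure_rule(cidr: str, run: Callable[[List[str]], int] = run_real) -> bool:
    """Startup: add the allow rule unless already present; returns True if added.
    -C exits 0 when the rule exists (manual add or earlier unclean shutdown)."""
    tool = tool_for(cidr)
    if run([tool, "-C", *rule_spec(cidr)]) == 0:
        return False
    if run([tool, "-A", *rule_spec(cidr)]) != 0:
        raise RuntimeError(f"{tool}: could not add rule for {cidr}")
    return True

def clear_rule(cidr: str, run: Callable[[List[str]], int] = run_real) -> int:
    """Shutdown: delete until -C says absent (clears duplicates too); returns count."""
    tool, removed = tool_for(cidr), 0
    while run([tool, "-C", *rule_spec(cidr)]) == 0:
        if run([tool, "-D", *rule_spec(cidr)]) != 0:
            raise RuntimeError(f"{tool}: could not delete rule for {cidr}")
        removed += 1
    return removed

def fake_firewall(rules: list) -> Callable[[List[str]], int]:
    """Constructed in-memory stand-in for iptables so the logic can run offline."""
    def run(argv: List[str]) -> int:
        op, spec = argv[1], tuple(argv[2:])
        if op == "-C":
            return 0 if spec in rules else 1
        if op == "-A":
            rules.append(spec)
        elif op == "-D":
            rules.remove(spec)
        return 0
    return run
```

With the real runner, `-C` only distinguishes "present" (0) from everything else, so a daemon should log non-1 statuses (for example a permission error) rather than silently treating them as "rule absent".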