---
type: task
---

The host's firewall should be auto-configured, by default, to allow all incoming traffic for a network's CIDR. For Linux this will (probably) mean making (system?) calls to iptables.

- There must be a mechanism for the user to disable this behavior if they want, likely just as part of the `daemon.yml` and not CLI for MVP.
- The operator "Configuring Firewall" documentation must be updated.
- A network's Shutdown method should clear out all enabled rules.
- On startup the network needs to properly handle the rules already being present, either because the user added them manually previously or there was a previous unclean shutdown.
- Check if systemd service file needs any updates with respect to capabilities or `After` directives.
- Keep in mind that IPv6 overlay networks will need to be supported in the future, so ip6tables needs to be investigated.
- Make sure that using alternative firewalls, like ufw, works as expected. Also, how does nftables fit in here?
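
One way the startup and Shutdown handling above could look at the iptables level, as an added sketch that is not code from this project. The function names, the `IPTABLES` override variable and the `overlay-net` comment tag are hypothetical; tagging the rule is a design assumption made here so that Shutdown removes only the daemon's own rule and leaves one the user added by hand.

```shell
# Added example, not project code. Requires root or CAP_NET_ADMIN to run
# against a real firewall. Set IPTABLES=ip6tables for an IPv6 CIDR.
IPTABLES="${IPTABLES:-iptables}"
FW_TAG="overlay-net"   # hypothetical tag marking rules the daemon owns

# fw_allow CIDR: accept all incoming traffic from CIDR, idempotently.
fw_allow() {
    # -C exits 0 only if an identical rule (tag included) already exists,
    # e.g. one left behind by a previous unclean shutdown.
    if "$IPTABLES" -w -C INPUT -s "$1" \
            -m comment --comment "$FW_TAG" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    # Insert at the head of INPUT so the rule is evaluated before any
    # existing DROP/REJECT rule further down the chain.
    "$IPTABLES" -w -I INPUT -s "$1" \
        -m comment --comment "$FW_TAG" -j ACCEPT
}

# fw_clear CIDR: remove every copy of the daemon's rule for CIDR.
# An untagged rule the user added manually does not match and is kept.
fw_clear() {
    while "$IPTABLES" -w -C INPUT -s "$1" \
            -m comment --comment "$FW_TAG" -j ACCEPT 2>/dev/null; do
        "$IPTABLES" -w -D INPUT -s "$1" \
            -m comment --comment "$FW_TAG" -j ACCEPT || return 1
    done
}
```
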