type |
---|
task |
The host's firewall should be auto-configured, by default, to allow all incoming traffic for a network's CIDR. For Linux this will (probably) mean making (system?) calls to iptables.
- There must be a mechanism for the user to disable this behavior if they want, likely just as part of the `daemon.yml` and not CLI for MVP.
- The operator "Configuring Firewall" documentation must be updated.
- A network's Shutdown method should clear out all enabled rules.
- On startup the network needs to properly handle the rules already being present, either because the user added them manually previously or there was a previous unclean shutdown.
- Check if systemd service file needs any updates with respect to capabilities or `After` directives.
- Keep in mind that IPv6 overlay networks will need to be supported in the future, so ip6tables needs to be investigated.
- Make sure that using alternative firewalls, like ufw, works as expected. Also, how does nftables fit in here?
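
An added sketch, not the project's own code, of the startup and shutdown handling listed above: check with `-C` before inserting so existing rules are not duplicated, delete in a loop on shutdown, and pick `ip6tables` for IPv6 CIDRs. The `INPUT` chain, the `Runner` seam, the function names and the sample CIDR are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Runner runs one firewall command; nil means exit status 0 (hypothetical seam).
type Runner func(bin string, args ...string) error

// rule binds the accept-all rule for cidr to a func taking the op: -C, -I or -D.
// Assumption: the rule lives in the INPUT chain and matches on source address.
func rule(run Runner, cidr string) (func(op string) error, error) {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	bin := "iptables"
	if n.IP.To4() == nil {
		bin = "ip6tables" // IPv6 overlay networks use the v6 tool
	}
	return func(op string) error {
		return run(bin, "-w", op, "INPUT", "-s", n.String(), "-j", "ACCEPT")
	}, nil
}

// Ensure inserts the rule only if -C reports it missing (idempotent startup).
func Ensure(run Runner, cidr string) error {
	do, err := rule(run, cidr)
	if err != nil || do("-C") == nil {
		return err
	}
	return do("-I")
}

// Clear deletes every copy of the rule on shutdown; -D removes one per call.
func Clear(run Runner, cidr string) error {
	do, err := rule(run, cidr)
	for err == nil && do("-C") == nil {
		err = do("-D")
	}
	return err
}

func main() { // dry run: print the commands Ensure issues when the rule is absent
	Ensure(func(bin string, a ...string) error {
		fmt.Println(bin, a)
		return fmt.Errorf("dry run")
	}, "10.10.0.0/16") // constructed sample CIDR
}
```

A production `Runner` would wrap `exec.Command(bin, args...).Run()` and needs root or `CAP_NET_ADMIN`, which bears on the systemd capabilities item above.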