-
|
Does Flatcar have host based firewall (iptables/nft) configured to drop all incoming connections by default (except for the ports used by flatcar)? Asking for security compliance. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
No, Flatcar does not ship with firewall rules by default. It is up to the user to configure the appropriate firewall rules through ignition. |
Beta Was this translation helpful? Give feedback.
-
|
Ok thanks! Is there a reason why Flatcar does not configured to drop all incoming connections by default? |
Beta Was this translation helpful? Give feedback.
-
|
For a server it would be a bad default and first thing people would have to do is disable it like SELinux ;) |
Beta Was this translation helpful? Give feedback.
-
|
I see ok, Of course, I would assume the needed ports are opened and the rest are blocked by default. Then ports are open 1 by 1 as needed. This is inline with https://github.com/flatcar/Flatcar/blob/main/CIS/README.md where "Iptables is expected to have rule "-P INPUT DROP". SELinux --> LOL! Happens every time when setting up new server. |
Beta Was this translation helpful? Give feedback.
No, Flatcar does not ship with firewall rules by default. It is up to the user to configure the appropriate firewall rules through ignition.
The only port used by Flatcar by default is port 22.