By default it seems like Fedora CoreOS leaves all ports open. I’m trying to modify this behavior by adding some firewall rules. I can’t find any documentation on this topic, but my assumption is that FCOS is using iptables.
Whenever I edit /etc/sysconfig/iptables using Ignition, CoreOS is unable to complete booting. It doesn’t matter what the contents of the file are. Instead it goes into emergency mode. For example, if I add this to Ignition:
storage:
  files:
    - path: /etc/sysconfig/iptables
      mode: 0600
      contents:
        inline: |
          *filter
          :INPUT ACCEPT [0:0]
          :FORWARD ACCEPT [0:0]
          :OUTPUT ACCEPT [0:0]
          COMMIT
Editing manually after booting doesn’t seem to be an issue, only if it’s set via Ignition.
What’s the correct way to update firewall rules for Fedora CoreOS?