By default it seems like Fedora CoreOS leaves all ports open. I’m trying to modify this behavior by adding some firewall rules. I can’t find any documentation on this topic but my assumption is that FCOS is using iptables.
Whenever I edit /etc/sysconfig/iptables using ignition, CoreOS is unable to complete booting. Doesn’t matter what the contents of the file are. Instead it goes into emergency mode. For example, if I add this to ignition:
```yaml
storage:
  files:
    - path: /etc/sysconfig/iptables
      mode: 0600
      contents:
        inline: |
          *filter
          :INPUT ACCEPT [0:0]
          :FORWARD ACCEPT [0:0]
          :OUTPUT ACCEPT [0:0]
          COMMIT
```
Editing manually after booting doesn’t seem to be an issue, only if it’s set via ignition.
What’s the correct way to update firewall rules for Fedora CoreOS?