modules/microshift-firewall-req-settings.adoc

// Module included in the following assemblies:
//
// * microshift_networking/microshift-firewall.adoc

:_mod-docs-content-type: CONCEPT
[id="microshift-firewall-req-settings_{context}"]
= Required firewall settings

An IP address range for the node network must be enabled during firewall configuration. You can use the default values or customize the IP address range. If you choose to customize the node network IP address range from the default `10.42.0.0/16` setting, you must also use the same custom range in the firewall configuration.

.Firewall IP address settings
[cols="3",options="header"]
|===
|IP Range
|Firewall rule required
|Description

|10.42.0.0/16
|No
|Host network pod access to other pods

|169.254.169.1
|Yes
|Host network pod access to {product-title} API server
|===

The following are examples of commands for settings that are mandatory for firewall configuration:

.Example commands

* Configure host network pod access to other pods:
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
----

* Configure host network pod access to services backed by Host endpoints, such as the {product-title} API:
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1
----
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00			`// Module included in the following assemblies:`
			`//`
OSDOCS-5274: Restart node when changing mtu value 2023-02-09 12:02:22 -05:00			`// * microshift_networking/microshift-firewall.adoc`
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00
[enterprise-4.14] changing content type attribute 2023-10-30 10:13:25 -04:00			`:_mod-docs-content-type: CONCEPT`
OSDOCS-4800: Fix xref typo 2023-01-12 15:48:27 -05:00			`[id="microshift-firewall-req-settings_{context}"]`
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00			`= Required firewall settings`
Add embedding MicroShift Signed-off-by: Frank A. Zdarsky <fzdarsky@redhat.com> 2022-12-19 16:53:44 +01:00
OSDOCS-16338: fixes cluster mentions MicroShift 2025-09-30 07:55:42 -04:00			An IP address range for the node network must be enabled during firewall configuration. You can use the default values or customize the IP address range. If you choose to customize the node network IP address range from the default `10.42.0.0/16` setting, you must also use the same custom range in the firewall configuration.
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00
			`.Firewall IP address settings`
			`[cols="3",options="header"]`
			`\|===`
			`\|IP Range`
			`\|Firewall rule required`
			`\|Description`

			`\|10.42.0.0/16`
			`\|No`
			`\|Host network pod access to other pods`

			`\|169.254.169.1`
			`\|Yes`
			`\|Host network pod access to {product-title} API server`
			`\|===`

			`The following are examples of commands for settings that are mandatory for firewall configuration:`

			`.Example commands`

			`* Configure host network pod access to other pods:`
			`+`
OSDOCS-7596: correct space in attribute code block notation 2023-09-06 10:14:35 -04:00			`[source,terminal]`
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00			`----`
			`$ sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16`
			`----`

			`* Configure host network pod access to services backed by Host endpoints, such as the {product-title} API:`
			`+`
OSDOCS-7596: correct space in attribute code block notation 2023-09-06 10:14:35 -04:00			`[source,terminal]`
OSDOCS-4693: Update firewall docs toto allow MicroShift API 2022-12-13 16:10:10 -05:00			`----`
			`$ sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1`
			`----`