mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
10 lines
849 B
Plaintext
10 lines
849 B
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * microshift_networking/microshift-networking.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="microshift-firewall-known-issue_{context}"]
|
|
= Known firewall issue
|
|
|
|
* To avoid breaking traffic flows with a firewall reload or restart, execute firewall commands before starting {op-system}. The CNI driver in {microshift-short} makes use of iptable rules for some traffic flows, such as those using the NodePort service. The iptable rules are generated and inserted by the CNI driver, but are deleted when the firewall reloads or restarts. The absence of the iptable rules breaks traffic flows. If firewall commands have to be executed after {microshift-short} is running, manually restart `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace to reset the rules controlled by the CNI driver.
|