mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
44 lines
1.3 KiB
Plaintext
44 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * microshift_networking/microshift-firewall.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="microshift-firewall-req-settings_{context}"]
|
|
= Required firewall settings
|
|
|
|
An IP address range for the cluster network must be enabled during firewall configuration. You can use the default values or customize the IP address range. If you choose to customize the cluster network IP address range from the default `10.42.0.0/16` setting, you must also use the same custom range in the firewall configuration.
|
|
|
|
.Firewall IP address settings
|
|
[cols="3",options="header"]
|
|
|===
|
|
|IP Range
|
|
|Firewall rule required
|
|
|Description
|
|
|
|
|10.42.0.0/16
|
|
|No
|
|
|Host network pod access to other pods
|
|
|
|
|169.254.169.1
|
|
|Yes
|
|
|Host network pod access to {product-title} API server
|
|
|===
|
|
|
|
The following are examples of commands for settings that are mandatory for firewall configuration:
|
|
|
|
.Example commands
|
|
|
|
* Configure host network pod access to other pods:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
|
|
----
|
|
|
|
* Configure host network pod access to services backed by Host endpoints, such as the {product-title} API:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1
|
|
----
|