mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
10 lines
845 B
Plaintext
10 lines
845 B
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * microshift_networking/microshift-networking.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="microshift-firewall-known-issue_{context}"]
|
|
= Known firewall issue
|
|
|
|
To avoid breaking traffic flows with a firewall reload or restart, run firewall commands before starting {op-system-base-full}. The CNI driver in {microshift-short} makes use of iptable rules for some traffic flows, such as those using the NodePort service. The iptable rules are generated and inserted by the CNI driver, but are deleted when the firewall reloads or restarts. The absence of the iptable rules breaks traffic flows. If firewall commands have to run after {microshift-short} is started, manually restart `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace to reset the rules controlled by the CNI driver.
|