Skip to content

optionally enable mdns service in firewalld #1341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Feb 9, 2023
Merged

optionally enable mdns service in firewalld #1341

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/howto_firewall.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,14 @@ The following ports are optional and they should be considered for MicroShift if
The following commands can be used for enabling `firewalld` and opening all the above mentioned source IP addresses and ports.
> Use the appropriate pod IP range if it is different from the default `10.42.0.0/16` setting.

> Use the appropriate optional settings when requiring external access to services running on MicroShift (e.g. port 6443 for api server, ports 80 and 443 for applications exposed through the router, etc.).
> Use the appropriate optional settings when requiring external access to services running on MicroShift (e.g. port 6443 for api server, ports 80 and 443 for applications exposed through the router, mdns service for receiving mdns query etc.).

```bash
sudo dnf install -y firewalld
sudo systemctl enable firewalld --now
# Mandatory settings
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1
sudo firewall-cmd --permanent --add-service=mdns
sudo firewall-cmd --reload
# Optional settings
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
Expand All @@ -41,5 +40,6 @@ sudo firewall-cmd --permanent --zone=public --add-port=5353/udp
sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp
sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/udp
sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
sudo firewall-cmd --permanent --zone=public --add-service=mdns
sudo firewall-cmd --reload
```
1 change: 0 additions & 1 deletion scripts/devenv-builder/configure-vm.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,6 @@ if [ $BUILD_AND_INSTALL = true ] ; then
sudo systemctl enable firewalld --now
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1
sudo firewall-cmd --permanent --add-service=mdns
sudo firewall-cmd --reload

# Run MicroShift Executable > Configuring MicroShift
Expand Down