Firewall Options¶
StarlingX applies default firewall rules on the OAM network.
The default rules are recommended for most applications. See Default Firewall Rules for details. You can configure an additional file in order to augment or override the default rules.
A minimal set of rules is always applied before any custom rules, as follows:
Non-OAM traffic is always accepted.
Egress traffic is always accepted.
SM traffic is always accepted.
SSH traffic is always accepted.
Note
It is recommended to disable port 80 when HTTPS is enabled for external connection.
Operational complexity:
StarlingX provides OAM firewall rules through Kubernetes Network Policies. For more information, see Firewall Options.
The custom rules are applied using iptables-restore or ip6tables-restore.
Default Firewall Rules¶
StarlingX applies these default firewall rules on the OAM network. The default rules are recommended for most applications.
For a complete listings, see Default Firewall Rules.