Solve UFW (firewall) for nodes #11

New issue

Closed

opened 2022-10-24 04:35:13 +02:00 by tom · 5 comments

tom commented 2022-10-24 04:35:13 +02:00

Owner

Copy link

Currently we use UFW for a clear and simple firewall configuration. If UFW is enabled once, Wireguard cannot establish a connection after a reboot. It does not matter which rules have been set and whether the firewall is still activated.

Currently we use UFW for a clear and simple firewall configuration. If UFW is enabled once, Wireguard cannot establish a connection after a reboot. It does not matter which rules have been set and whether the firewall is still activated.

tom added the

type

bug

label 2022-10-24 04:35:20 +02:00

tom commented 2022-10-27 07:07:36 +02:00

Author

Owner

Copy link

Update: Can no longer reproduce this problem. Neither a restart of a master node nor a worker node triggers the problem... keep observing and also try with other Kubernetes version.

Update: Can no longer reproduce this problem. Neither a restart of a master node nor a worker node triggers the problem... keep observing and also try with other Kubernetes version.

aaron added the

type

question

label 2022-11-06 15:31:38 +01:00

tom commented 2022-11-09 10:01:36 +01:00

Author

Owner

Copy link

Update: The weave net plugin (cni for k8s) reconfigure IPTables and forwards entire traffic to own chain ("KUBE-FIREWALL"). In this chain, the entire v6 traffic will be dropped for some reason.

Temporarily workaround...

ip6tables -I KUBE-FIREWALL -p udp --dport 12345 -j ACCEPT

Update: The weave net plugin (cni for k8s) reconfigure IPTables and forwards entire traffic to own chain ("KUBE-FIREWALL"). In this chain, the entire v6 traffic will be dropped for some reason. Temporarily workaround... ``` ip6tables -I KUBE-FIREWALL -p udp --dport 12345 -j ACCEPT ```

aaron added this to the Yolo Ready milestone 2022-11-11 21:07:20 +01:00

tom commented 2022-11-16 07:29:08 +01:00

Author

Owner

Copy link

solved with commit 4a89bd6d2f

solved with commit [4a89bd6d2f](https://git.ar21.de/yolokube/ansible/commit/4a89bd6d2f98bc7dc110c0f1428a2b1c55991793)

tom closed this issue 2022-11-16 07:29:26 +01:00

tom commented 2022-11-16 07:36:55 +01:00

Author

Owner

Copy link

open until commit is in main branch. lol

open until commit is in main branch. lol

tom reopened this issue 2022-11-16 07:36:55 +01:00

tom self-assigned this 2022-11-16 07:37:25 +01:00

tom referenced this issue 2022-11-16 09:11:00 +01:00

fix the cluster creation #14

tom commented 2022-11-23 16:58:12 +01:00

Author

Owner

Copy link

solved with commit 2faf03c9aa

solved with commit [2faf03c9aa](https://git.ar21.de/yolokube/ansible/commit/2faf03c9aad9cac3dd992acfc58ac8b136ef5bd6)

tom closed this issue 2022-11-23 16:58:12 +01:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

tn_upgrade_debian_to_13

ar-vault

ar-test

dev

No results found.

Labels

Clear labels   

system

CNI

  

system

Common

  

system

Core Deployments

  

system

Infrastructure

  

system

Storage

  

type

bug

Something is not working

  

type

enhancement

New feature

  

type

question

More information is needed

  

type

update

Software needs update

  

type

dependency-dashboard

Only for Renovate Dependency Dashboard

No labels

system

CNI

system

Common

system

Core Deployments

system

Infrastructure

system

Storage

type

bug

type

enhancement

type

question

type

update

type

dependency-dashboard

Milestone

Clear milestone

No items

No milestone

Yolo Ready

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

tom

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

yolokube/ansible#11

No description provided.