How to configure iptables on RancherOS

This document (000020209) is provided subject to the disclaimer at the end of this document.

Situation

Task

How to configure firewall rules using iptables on RancherOS

Pre-requisites

  • A RancherOS v1.5.x host

Resolution

The runcmd option in cloud-config can be used to run commands, such as iptables rules, to set firewall rules on a RancherOS host. For example the following can be used to disable SSH access on port 22.

#cloud-config
runcmd:
- "iptables -A INPUT -p tcp --destination-port 22 -j DROP"

The above snipet can be placed in /var/lib/rancher/conf/cloud-config.d/xxx.yaml, or added to the initial config while installing RancherOS. It will be executed every time RancherOS is booted.

You can use the following iptables command to view the status of the rules:

$ iptables -t filter -nv -L INPUT
Chain INPUT (policy ACCEPT 321 packets, 41200 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9     523 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Further reading

More information on running command on boot can be found here.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020209
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center