I am using the default CNI provided by rke2, i.e. hardened-calico:v3.13.3-build20210223. It is using iptables rules for the NAT rules even though the iptables service is not running. My host server is Red Hat Enterprise Linux 8. I have enabled neither nftables nor iptables.
```
# systemctl status iptables
● iptables.service
   Loaded: masked (Reason: Unit iptables.service is masked.)
   Active: inactive (dead)
# systemctl status nftables
● nftables.service - Netfilter Tables
   Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:nft(8)
```
However, I have a requirement to enable host-based firewall rules. Red Hat recommends using nftables going forward. If I enable nftables, then iptables returns the error below.
```
# iptables -L
iptables v1.8.4 (nf_tables): table `filter' is incompatible, use 'nft' tool.
```
I can, however, add my custom iptables rules, but they get lost during reboot. I have written a script that runs on reboot to add my custom iptables rules.
So I was wondering if there is another, better option to add my custom iptables rules?
Also, is there any option to use nftables for Calico?