docs/doc/source/security/kubernetes/security-hardening-firewall-options.rst
Keane Lim 3c5fa979a4 Security guide update
Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-03-12 15:10:40 -05:00


Firewall Options

applies default firewall rules on the network.

The default rules are recommended for most applications. See Default Firewall Rules <security-default-firewall-rules> for details. You can configure an additional file in order to augment or override the default rules.

A minimal set of rules is always applied before any custom rules, as follows:

  • Non-OAM traffic is always accepted.
  • Egress traffic is always accepted.
  • traffic is always accepted.
  • SSH traffic is always accepted.

Note

Disabling port 80 is recommended when HTTPS is enabled for external connections.

Operational complexity:

  • provides OAM firewall rules through Kubernetes Network Policies. For more information, see Firewall Options <security-firewall-options>.
  • The custom rules are applied using iptables-restore or ip6tables-restore.
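A pre-deployment check for a custom rules file, given as an added example that is not part of the original documentation or the product's own tooling: it reads rules in iptables-restore syntax and reports whether TCP port 80 is still accepted alongside HTTPS, which the note above recommends against. The sample rules, the function names and the default HTTPS port of 443 are assumptions made for illustration.

```python
import shlex

# Constructed sample of a custom rules file (iptables-restore syntax).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
# constructed sample, not taken from the product
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,8080 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT
"""

PORT_FLAGS = ("--dport", "--dports", "--destination-port", "--destination-ports")


def _values(tokens, flags):
    """Return the argument that follows each occurrence of any flag."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in flags]


def accepted_tcp_ports(rules_text):
    """Collect TCP destination ports opened by ACCEPT rules.

    Numeric ports only (a service name raises ValueError); negation (!)
    and rules without a port match are not handled.
    """
    ports = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith(("-A ", "-I ")):
            continue  # table names, chain policies, comments, COMMIT
        tokens = shlex.split(line)
        if "ACCEPT" not in _values(tokens, ("-j", "--jump")):
            continue
        if "tcp" not in _values(tokens, ("-p", "--protocol")):
            continue
        for spec in _values(tokens, PORT_FLAGS):
            for part in spec.split(","):
                lo, sep, hi = part.partition(":")
                first = int(lo or 0)
                last = int(hi or 65535) if sep else first
                ports.update(range(first, last + 1))
    return ports


def port80_open_with_https(rules_text, https_port=443):
    """True when port 80 and the (assumed) HTTPS port are both accepted."""
    ports = accepted_tcp_ports(rules_text)
    return 80 in ports and https_port in ports
```

Pass a different `https_port` if the deployment serves HTTPS on another port.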

Default Firewall Rules

applies these default firewall rules on the OAM network. The default rules are recommended for most applications.

For a complete listing, see Default Firewall Rules <security-default-firewall-rules>.