Hi People. So firewallD has issues with the CNI plugins as per this: https://docs.rke2.io/known_issues/#firewalld-conflicts-with-default-networking my question would be then - what options do I have to enable a firewall on the servers themselves ? so far we just left the firewalls off - but at some point we would need to enable them - suggestions?

My eventual plan is to look through https://projectcalico.docs.tigera.io/security/hosts and try using Calico (via the default Canal or Calico CNIs) to do a firewall. I haven't done it yet, still on the todo list, so not sure how well it'll work. I'd be happy to hear any positives or negatives from your experience if you try it before me.

@rapid-helmet-86074 I have also seen people use UFW, but i dont use ubuntu so not going to help me much. I tried finding a way to exlude adapters from the firewall (dont think it is possible). I could try use iptables natively or try nftables. going to be a bummer i can get the firewall working 😞

If I'm using Calico or Canal then using Calico to mimic firewall functionality always seemed safest to me, so that's where I figured it seemed like the right idea. If I tried ufw or similar I'd always be nervous that it'd interfere sometime later when my guard was down and it'd take me days longer to find that it was the cause.

Out of interest - is there a guide about this (what you are doing) so i can check it out?

I haven't started the Calico part, I'm supporting multiple things so I'm still on just basics with RKE2 & Rancher. Still need to play around with backup/restore & upgrades & get some of the gotchas for that documented before I get to messing with firewall. All I've got firewall-wise is the Calico link above which is on my todo list to go look at later.