balena-supervisor/docs/firewall.md
Felipe Lalanne 1b747f6d65
Update firewall documentation
Removes experimental warning and updates issues

Change-type: patch
2024-11-07 11:04:32 -03:00


Firewall

Starting with Supervisor v11.9.1, the balena Supervisor comes with the ability to control the device's firewall through the iptables package. The Supervisor manipulates the filter table to control network traffic.

Firewall Modes

The firewall mode is set with the HOST_FIREWALL_MODE configuration variable (with the BALENA_ or legacy RESIN_ prefix), which may be defined at the fleet or device level through the dashboard. It has three valid settings: on, off, and auto, with off being the default mode.

Note: Configuration variables defined in the dashboard will not apply to devices in local mode.

| Mode | Description |
| ---- | ----------- |
| on   | Only traffic for core services provided by balena and for containers on the host network is allowed. |
| off  | All network traffic is allowed. |
| auto | If there are host network services, behaves as if FIREWALL_MODE = on. If there aren't host network services, behaves as if FIREWALL_MODE = off. |

Issues

Before v14.9.2, manually set firewall rules in the filter table will be overwritten by the Supervisor (related issue). Please update your Supervisor if you observe this behavior.
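
One way to check whether manually set filter-table rules are still present is to compare them against saved `iptables-save` output. The following is an added example, not code from the balena Supervisor; the sample output, the expected rules and the function names are constructed for illustration, and expected rules are assumed to be written in the syntax `iptables-save` prints.

```python
import shlex

# Constructed `iptables-save` output, not captured from a real device.
SAMPLE_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Hand-added rules expected to persist (constructed), in iptables-save syntax.
EXPECTED = [
    "-A INPUT -p tcp -m tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 9100 -j DROP",
]

def filter_rules(save_text):
    """Return the -A rule lines that belong to the filter table only."""
    rules, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
        elif line == "COMMIT":          # end of the current table
            table = None
        elif table == "filter" and line.startswith("-A "):
            rules.append(line)
    return rules

def normalize(rule):
    """Group each option with its arguments so option order does not matter."""
    groups, negate = [], False
    for tok in shlex.split(rule):
        if tok == "!":                  # iptables-save puts "!" before the option
            negate = True
        elif tok.startswith("-"):
            groups.append([("! " if negate else "") + tok])
            negate = False
        else:
            groups[-1].append(tok)
    return tuple(sorted(tuple(g) for g in groups))

def missing_rules(save_text, expected):
    """Return the expected rules that are absent from the filter table."""
    present = {normalize(r) for r in filter_rules(save_text)}
    return [r for r in expected if normalize(r) not in present]
```

On a device, feed `missing_rules` the text produced by `iptables-save` after a Supervisor restart; a non-empty result lists the manual rules that are no longer in the filter table.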