How to prevent netclient from messing with my firewall? #846

Open
@RemiCab

Netmaker version: 0.24.2 community
Netclient: 0.24.2 community, installed on Linux hosts (Debian) through the netmaker repository package manager
Firewall: nftables

Since version 0.24, I have had some trouble between netclient and the firewall of the OS. After each restart of the netclient service (and especially during an upgrade of netclient), it keeps loading its own rules into the firewall, breaking my own configuration. My firewalls are configured on each node in blocking mode, allowing the ports necessary for netmaker and hosted services. The problem is worse on my hypervisor, for which a NAT configuration is in place.

Example of firewall configuration after netclient restart:
[image]

Whereas the configuration loaded through systemd at startup on the same host is this one:
[image]

From my point of view, it is not the role of netmaker to handle FW configuration by default since it can conflict with other configurations and services. I would prefer to have the possibility to do it manually when needed.

Thus, my questions are the following:

  • What are the needs for netclient to modify firewall rules?
  • Is there a way to prevent netclient from modifying the firewall (through some configuration or something)?

I have searched the documentation and the troubleshooting section with no luck on that subject.

Thank you in advance for your answer and congrats on the job already done!
