K3s overrides firewalld rules

We have firewalld configured (via salt, of course) to open all ports only to trusted networks (a mix of public IPs and private nets). A few ports like 80 and 443 are open to all IPs.

When k3s starts, traefik inserts a ton of KUBE* rules that are processed first, which causes 8443 and 8080 to be open to all IPs. We don’t want that.

This seems to be a bug and there is no actual fix; any ideas would be appreciated. I have another posting with someone having a similar issue.

Installing k3s disables firewall port range unexpectedly - Help - NixOS Discourse

K3s overrides salt config of firewalld, kube injects rules that overrides · k3s-io/k3s · Discussion #11873

We have even started this thread to no avail.

Anyone else have any ideas? Much appreciated.
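
One way to audit the exposure described in the post, as an added example that is not part of the original post: it parses `iptables-save` output and lists ports that rules in `KUBE*` chains accept with no source restriction and that are not on the public allowlist (80 and 443, as in the post). The sample ruleset, its chain contents and the 192.0.2.0/24 trusted network are constructed for illustration.

```python
import shlex

PUBLIC_PORTS = {80, 443}                 # ports the post says are open to all IPs
BLOCKING = {"DROP", "REJECT", "RETURN"}  # targets that do not admit traffic

# Constructed sample in iptables-save format; not captured from a real host.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:KUBE-NODEPORTS - [0:0]
-A INPUT -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m tcp --dport 8443 -j ACCEPT
-A KUBE-NODEPORTS -p tcp -m comment --comment "constructed rule" -m tcp --dport 8080 -j ACCEPT
-A KUBE-NODEPORTS -p tcp -m tcp --dport 443 -j ACCEPT
-A KUBE-NODEPORTS -s 192.0.2.0/24 -p tcp -m tcp --dport 10250 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def _ports(spec):
    """Expand a --dport/--dports value such as '8080', '80,443' or '30000:30010'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        yield from range(int(lo), int(hi or lo) + 1)

def exposed_kube_ports(ruleset, public_ports=PUBLIC_PORTS):
    """Return (chain, port, target) for KUBE* rules that admit any source address.

    Only '-s' counts as a source restriction here; ipset matches are not parsed.
    """
    findings = set()
    for line in ruleset.splitlines():
        if not line.startswith("-A KUBE"):
            continue
        tok = shlex.split(line)          # keeps quoted --comment text as one token
        if "-s" in tok or "--source" in tok:
            continue
        target = tok[tok.index("-j") + 1] if "-j" in tok else ""
        if target in BLOCKING:
            continue
        for flag in ("--dport", "--dports"):
            if flag in tok:
                for port in _ports(tok[tok.index(flag) + 1]):
                    if port not in public_ports:
                        findings.add((tok[1], port, target))
    return sorted(findings)

if __name__ == "__main__":
    for chain, port, target in exposed_kube_ports(SAMPLE):
        print(f"{chain}: port {port} reachable from any source ({target})")
```

On a node, pass the function the output of `iptables-save` run as root instead of the constructed sample.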