7.4. Troubleshooting ufw
This section provides troubleshooting information for the Configuring ufw for K3s phase of Running the LOCKSS Installer.
7.4.1. Allow traffic from 10.42.0.0/16 and 10.43.0.0/16 via ufw
If your system is running the ufw firewall, it is necessary to allow traffic from K3s' pod and service subnets 1 via ufw for K3s to work properly 2. If install-lockss detects this situation, you will see a warning message and the following prompt 3:
Allow traffic from 10.42.0.0/16 and 10.43.0.0/16 via ufw?
Enter Y to accept the proposed ufw configuration. If you bypass the proposed configuration, K3s may malfunction.
The firewalld configuration attempted by install-lockss is equivalent to 1:
ufw allow from 10.42.0.0/16 to any
ufw allow from 10.43.0.0/16 to any
ufw reload
7.4.2. Post-Installation Changes to ufw
If your system did not initially use ufw at the time K3s was installed, but later does (for example because ufw becomes enabled), run this command (which is relative to the LOCKSS Installer Directory) as a privileged user who can become root
via sudo 4:
scripts/install-lockss --configure-ufw
This will run only the Configuring ufw for K3s phase of install-lockss.
Footnotes
- 1
By default, K3s' pod subnet is 10.42.0.0/16 and service subnet is 10.43.0.0/16.
- 2
References:
- 3
- 4