NetworkRuleConfig

NetworkRuleConfig is a network firewall rule config document.
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: ingress-apid # Name of the config document.
# Port selector defines which ports and protocols on the host are affected by the rule.
portSelector:
    # Ports defines a list of port ranges or single ports.
    ports:
        - 50000
    protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP).
# Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
ingress:
    - subnet: 192.168.0.0/16 # Subnet defines a source subnet.
FieldTypeDescriptionValue(s)
namestringName of the config document.
portSelectorRulePortSelectorPort selector defines which ports and protocols on the host are affected by the rule.
ingress[]IngressRuleIngress defines which source subnets are allowed to access the host ports/protocols defined by the portSelector.

portSelector

RulePortSelector is a port selector for the network rule.

FieldTypeDescriptionValue(s)
portsPortRanges
Ports defines a list of port ranges or single ports.The port ranges are inclusive, and should not overlap.
Show example(s)
ports:
    - 80
    - 443
ports:
    - 1200-1299
    - 8080
protocolProtocolProtocol defines traffic protocol (e.g. TCP or UDP).tcp
udp
icmp
icmpv6

ingress[]

IngressRule is a ingress rule.

FieldTypeDescriptionValue(s)
subnetPrefixSubnet defines a source subnet.
Show example(s)
subnet: 10.3.4.0/24
subnet: 2001:db8::/32
subnet: 1.3.4.5/32
exceptPrefixExcept defines a source subnet to exclude from the rule, it gets excluded from the subnet.
Last modified September 27, 2024: feat: prepare for Talos 1.9 (392c4798f)