Skip to content

Configuring the firewall

Configure the firewall for your automotive OS image.

Prerequisites

  • A custom OS image manifest that has network configurations, such as the one you used in Configuring networking

Procedure

  1. Add firewall, network, logging, and ssh RPM packages to your manifest:

    yaml {title="RPM packages for firewall support"} packages: mpp-join: - mpp-eval: image_rpms - - podman - containernetworking-plugins - firewalld - openssh-clients - openssh-server

  2. Configure the firewall add the following stages to the rootfs pipeline of your custom manifest:

    yaml {title="Firewall configuration example"} # Configure the firewall - type: org.osbuild.firewall options: enabled_services: - ssh - type: org.osbuild.sshd.config options: config: PermitRootLogin: true - type: org.osbuild.systemd options: enabled_services: - firewalld.service - sshd.service

Next steps

  1. Configure interprocess communications (IPCs) between your ASIL and QM containers and across partitions.
  2. Encrypt your filesystem.
  3. Enable BlueChi orchestration.
  4. Build your automotive OS image with kernel-automotive or your custom kernel.

© Red Hat