
Configuring the firewall

Configure the firewall for your automotive operating system (OS) image.

Prerequisites

  • A custom OS image manifest that has network configurations, such as the one you used in Configuring networking

Procedure

  1. Add SSH packages to your manifest:

    SSH RPM packages for firewall support

        mpp-vars:
          name: firewall
          # Add ssh
          extra_rpms:
            - openssh-server
            - openssh-clients
    
  2. Add the firewalld package:

    Firewall RPM package

        packages:
          mpp-join:
          - mpp-eval: image_rpms
          - mpp-eval: extra_rpms
          - - firewalld
    
  3. Configure the firewall to allow the SSH service and open a port, and configure sshd to permit root login with password authentication. The manifest comment marks the root login settings as intended for demo tests:

    Example firewall, SSH, and port configuration

        # Configure the firewall to permit ssh login
        - type: org.osbuild.firewall
          options:
            enabled_services:
              - ssh
            ports:
              - 8584:tcp

        # Permit ssh login as root, so sshd runs (demo tests)
        - type: org.osbuild.sshd.config
          options:
            config:
              PasswordAuthentication: true
              PermitRootLogin: true
    
  4. Enable the firewalld and sshd services through systemd:

    Firewall and SSH services managed by systemd

        # Ensure ssh and firewalld run
        - type: org.osbuild.systemd
          options:
            enabled_services:
            - firewalld.service
            - sshd.service
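
The following Python check is an added example, not part of the original procedure or the project's tooling. It audits the stages from steps 1 to 4 for consistency (package, firewall rule, and systemd unit agree) and reports the opened port and the demo-only root password login. `STAGES` and `PACKAGES` are constructed data mirroring the snippets above as they would look after YAML loading, and `stage_options` and `audit` are hypothetical helper names.

```python
# Added example: consistency and hardening check for the stages in steps 1-4.
# STAGES and PACKAGES are constructed sample input mirroring the page's manifest
# snippets after YAML loading; stage_options() and audit() are hypothetical helpers.

PACKAGES = ["openssh-server", "openssh-clients", "firewalld"]
STAGES = [
    {"type": "org.osbuild.firewall",
     "options": {"enabled_services": ["ssh"], "ports": ["8584:tcp"]}},
    {"type": "org.osbuild.sshd.config",
     "options": {"config": {"PasswordAuthentication": True,
                            "PermitRootLogin": True}}},
    {"type": "org.osbuild.systemd",
     "options": {"enabled_services": ["firewalld.service", "sshd.service"]}},
]


def stage_options(stages, stage_type):
    """Options of the first stage of this type (the page uses each type once)."""
    for stage in stages:
        if stage.get("type") == stage_type:
            return stage.get("options", {})
    return {}


def audit(stages, packages):
    """Return a sorted list of findings; an empty list means nothing to report."""
    findings = []
    fw = stage_options(stages, "org.osbuild.firewall")
    sshd = stage_options(stages, "org.osbuild.sshd.config").get("config", {})
    units = set(stage_options(stages, "org.osbuild.systemd").get("enabled_services", []))

    if fw:  # a firewall stage needs both the package and the running unit
        if "firewalld" not in packages:
            findings.append("firewall stage present but firewalld package missing")
        if "firewalld.service" not in units:
            findings.append("firewall stage present but firewalld.service not enabled")
    if "ssh" in fw.get("enabled_services", []):
        if "openssh-server" not in packages:
            findings.append("ssh allowed in firewall but openssh-server missing")
        if "sshd.service" not in units:
            findings.append("ssh allowed in firewall but sshd.service not enabled")
    for port in fw.get("ports", []):  # every explicitly opened port gets listed
        findings.append(f"review explicitly opened port {port}")
    if sshd.get("PermitRootLogin") is True and sshd.get("PasswordAuthentication") is True:
        findings.append("root login with password enabled (demo/test setting)")
    return sorted(findings)
```

Run against the manifest as written in steps 1 to 4, `audit(STAGES, PACKAGES)` returns only the opened-port and root-password findings; dropping step 2 or step 4 adds the corresponding mismatch findings.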
    

Next steps

  1. Configure interprocess communications (IPCs) between your ASIL and QM containers and across partitions.
  2. Encrypt your filesystem.
  3. Enable BlueChi orchestration.
  4. Build your automotive OS image with kernel-automotive or your custom kernel.

© Red Hat