Viewing an egress firewall for a project

As a cluster administrator, you can list the names of any existing egress firewalls and view the traffic rules for a specific egress firewall.

Viewing an EgressFirewall object

You can view an EgressFirewall object in your cluster.

Prerequisites

  • A cluster using the OVN-Kubernetes default Container Network Interface (CNI) network provider plug-in.

  • Install the OpenShift Command-line Interface (CLI), commonly known as oc.

  • You must log in to the cluster.

Procedure

  1. Optional: To view the names of the EgressFirewall objects defined in your cluster, enter the following command:

    1. $ oc get egressfirewall --all-namespaces

  2. To inspect a policy, enter the following command. Replace <policy_name> with the name of the policy to inspect.

    1. $ oc describe egressfirewall <policy_name>

    Example output

    1. Name:        default
    2. Namespace:    project1
    3. Created:    20 minutes ago
    4. Labels:        <none>
    5. Annotations:    <none>
    6. Rule:        Allow to 1.2.3.0/24
    7. Rule:        Allow to www.example.com
    8. Rule:        Deny to 0.0.0.0/0