ECS Day Two Operations Guide

Install iptables on the new Cloudera Embedded Container Service master nodes

You must install iptables on all of the additional Cloudera Embedded Container Service master nodes.

If your Cloudera Embedded Container Service hosts are running on the CentOS 8.4, OEL 8.4, RHEL 8, or RHEL 9 operating systems, you must install iptables on all the Cloudera Embedded Container Service hosts. Run the following command on each additional Cloudera Embedded Container Service master node:

yum --setopt=tsflags=noscripts install -y iptables

For RHEL 9 only:

If iptables have been installed, then check their iptables version by using the following command:
```
iptables -V
```
This returns the iptables version running in the backend. For example:
```
iptables v1.8.4 (nf_tables)
```
If the version provides nf_tables instead of legacy, you must change the iptables binary to use iptables-legacy in the backend. Remove the symlink between iptables and iptables-nft and then symlink iptables to iptables-legacy by running the following command:
```
ln -s /usr/sbin/iptables-legacy /usr/sbin/iptables
ln -s /usr/sbin/iptables-legacy-save  /usr/sbin/iptables-save
ln -s /usr/sbin/iptables-legacy-restore /usr/sbin/iptables-restore 
```