This is a cache of https://docs.okd.io/4.9/networking/ovn_kubernetes_network_provider/editing-egress-firewall-ovn.html. It is a snapshot of the page at 2025-10-19T23:09:34.347+0000.
Editing an egress firewall for a project - OVN-Kubernetes default CNI network provider | Networking | OKD 4.9
×

As a cluster administrator, you can modify network traffic rules for an existing egress firewall.

Editing an EgressFirewall object

As a cluster administrator, you can update the egress firewall for a project.

Prerequisites
  • A cluster using the OVN-Kubernetes default Container Network Interface (CNI) network provider plugin.

  • Install the OpenShift cli (oc).

  • You must log in to the cluster as a cluster administrator.

Procedure
  1. Find the name of the EgressFirewall object for the project. Replace <project> with the name of the project.

    $ oc get -n <project> egressfirewall
  2. Optional: If you did not save a copy of the EgressFirewall object when you created the egress network firewall, enter the following command to create a copy.

    $ oc get -n <project> egressfirewall <name> -o yaml > <filename>.yaml

    Replace <project> with the name of the project. Replace <name> with the name of the object. Replace <filename> with the name of the file to save the YAML to.

  3. After making changes to the policy rules, enter the following command to replace the EgressFirewall object. Replace <filename> with the name of the file containing the updated EgressFirewall object.

    $ oc replace -f <filename>.yaml