Verified this bug on 4.7.0-0.nightly-2021-08-19-235306 sh-4.4# ssh -i ca.pem core.0.5 The authenticity of host '10.0.0.5 (10.0.0.5)' can't be established. ECDSA key fingerprint is SHA256:JrM2oyJKh3UX0+toqeLl2S1dGQLQ2+mzshMQg1W8ZL0. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '10.0.0.5' (ECDSA) to the list of known hosts. Red Hat Enterprise Linux CoreOS 47.84.202108181031-0 Part of OpenShift 4.7, RHCOS is a Kubernetes native operating system managed by the Machine Config Operator (`clusteroperator/machine-config`). WARNING: Direct SSH access to machines is not recommended; instead, make configuration changes via `machineconfig` objects: https://docs.openshift.com/container-platform/4.7/architecture/architecture-rhcos.html --- [core@zzhaoazure47-twdtz-master-1 ~]$ sudo -i [root@zzhaoazure47-twdtz-master-1 ~]# iptables-save | grep AZUR :AZURE_CHECK_ICMP_SOURCE - [0:0] :AZURE_ICMP_ACTION - [0:0] -A INPUT -p icmp -m icmp --icmp-type 3/4 -j AZURE_CHECK_ICMP_SOURCE -A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.6/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.7/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.5/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.4/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.6/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.5/32 -p icmp -j AZURE_ICMP_ACTION -A AZURE_ICMP_ACTION -j LOG -A AZURE_ICMP_ACTION -j DROP
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.7.28 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3262