From adffd768b1db4826fd838841feed7490f032d9a6 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Mon, 3 Feb 2020 15:58:15 -0700 Subject: [PATCH 1/2] Document how to open SUSE Linux ports --- .../node-requirements/_index.md | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md index 7f85a8249d1..e345dba55b7 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md @@ -28,7 +28,9 @@ If you plan to use ARM64, see [Running on ARM64 (Experimental).]({{}}/r For information on how to install Docker, refer to the official [Docker documentation.](https://docs.docker.com/) -> **Note:** Some distributions of Linux derived from RHEL, including Oracle Linux, may have default firewall rules that block communication with Helm. This [how-to guide]({{}}/rancher/v2.x/en/installation/options/firewall) shows how to check the default firewall rules and how to open the ports with `firewalld` if necessary. +Some distributions of Linux derived from RHEL, including Oracle Linux, may have default firewall rules that block communication with Helm. This [how-to guide]({{}}/rancher/v2.x/en/installation/options/firewall) shows how to check the default firewall rules and how to open the ports with `firewalld` if necessary. + +SUSE Linux may have a firewall that blocks all ports by default. In that situation, follow [these steps](#opening-suse-linux-ports) to open the ports needed for adding a host to a custom cluster. ### Requirements for Windows Nodes 
@@ -182,4 +184,23 @@ In these cases, you have to explicitly allow this traffic in your host firewall, If you want to provision a Kubernetes cluster that is compliant with the CIS (Center for Internet Security) Kubernetes Benchmark, we recommend to following our hardening guide to configure your nodes before installing Kubernetes. -For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.]({{}}/rancher/v2.x/en/security/#rancher-hardening-guide) \ No newline at end of file +For more information on the hardening guide and details on which version of the guide corresponds to your Rancher and Kubernetes versions, refer to the [security section.]({{}}/rancher/v2.x/en/security/#rancher-hardening-guide) + +# Opening SUSE Linux Ports + +SUSE Linux may have a firewall that blocks all ports by default. To open the ports needed for adding the host to a custom cluster, + +1. SSH into the instance. +1. Edit /`etc/sysconfig/SuSEfirewall2` and set the following ports: + ``` + FW_SERVICES_EXT_TCP="22 80 443 2376 2379 2380 6443 9099 10250 10254 30000:32767" + FW_SERVICES_EXT_UDP="8472 30000:32767" + FW_ROUTE=yes + ``` +1. Restart the firewall with the new ports: + ``` + SuSEfirewall2 + ``` + +**Result:** The node has the open ports required to be added to a custom cluster. + From 910416a7ac9371729f44b8c9e1671f474f035573 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Tue, 4 Feb 2020 11:10:31 -0700 Subject: [PATCH 2/2] Say which ports are opened for monitoring --- .../v2.x/en/cluster-provisioning/node-requirements/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md index e345dba55b7..24a0777534d 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md 
+++ b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md @@ -191,9 +191,9 @@ For more information on the hardening guide and details on which version of the SUSE Linux may have a firewall that blocks all ports by default. To open the ports needed for adding the host to a custom cluster, 1. SSH into the instance. -1. Edit /`etc/sysconfig/SuSEfirewall2` and set the following ports: +1. Edit /`etc/sysconfig/SuSEfirewall2` and open the required ports. In this example, ports 9796 and 10250 are also opened for monitoring: ``` - FW_SERVICES_EXT_TCP="22 80 443 2376 2379 2380 6443 9099 10250 10254 30000:32767" + FW_SERVICES_EXT_TCP="22 80 443 2376 2379 2380 6443 9099 9796 10250 10254 30000:32767" FW_SERVICES_EXT_UDP="8472 30000:32767" FW_ROUTE=yes ```
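Review bot: In patch 1/2, first hunk (around line 28), the RHEL/Oracle Linux firewall text loses its `> **Note:**` callout and becomes a plain paragraph, which the commit subject does not mention. If that is intentional so the two firewall caveats read alike, say so in the commit message. Otherwise keep the callout and add the SUSE sentence as a second note in the same style.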
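Review bot: In patch 1/2, second hunk (the new "Opening SUSE Linux Ports" section), the `FW_SERVICES_EXT_TCP` line opens 2376 (Docker daemon TLS), 2379 and 2380 (etcd) and 10250 (kubelet) in the external zone for every source and on every node, whatever its role. The section should state that this list is the union for all node roles and that readers should keep only the ports their node's roles need, or restrict those ports to the addresses of the other cluster nodes. Two smaller points in the same hunk: the leading slash sits outside the backticks in "Edit /`etc/sysconfig/SuSEfirewall2`" and should read `/etc/sysconfig/SuSEfirewall2`, and the new heading is a top-level `#` while the visible heading earlier in the file ("### Requirements for Windows Nodes") uses `###`, so the level should be chosen to fit the page outline.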
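Review bot: In patch 2/2, the new step text says "ports 9796 and 10250 are also opened for monitoring", but the only change to `FW_SERVICES_EXT_TCP` is the addition of 9796, since 10250 was already in the list from patch 1/2. Reword so it is clear which port is new for monitoring and which is required regardless, so that a reader who does not use monitoring knows that only 9796 can be left out. The misplaced slash in "Edit /`etc/sysconfig/SuSEfirewall2`" is carried over on the changed line and can be fixed here as well.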