From b28a45f93213c5b5ff92fd97a505f4c452d78325 Mon Sep 17 00:00:00 2001
From: Will Stephenson <wstephenson@suse.com>
Date: Fri, 29 Aug 2025 10:05:57 +0200
Subject: [PATCH 1/2] Check for running firewall and warn

Signed-off-by: Will Stephenson <wstephenson@suse.com>
---
 install.sh | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/install.sh b/install.sh
index cb54606bb16c..3d2e49f05ac2 100755
--- a/install.sh
+++ b/install.sh
@@ -128,6 +128,34 @@ verify_system() {
     fatal 'Can not find systemd or openrc to use as a process supervisor for k3s'
 }
 
+# --- use sudo if we are not already root ---
+set_sudo_cmd() {
+    SUDO=sudo
+    if [ $(id -u) -eq 0 ]; then
+        SUDO=
+    fi
+}
+
+# --- check for a running firewall and warn ---
+warn_if_firewall_running() {
+    set_sudo_cmd
+    # --- suse/rhel ---
+    if [ -x /usr/bin/firewall-cmd ]; then
+        $SUDO firewall-cmd --state > /dev/null 2>&1 && rc=$? || rc=$?
+        # --- 252 = NOT_RUNNING ---
+        if [ $rc -ne "252" ]; then
+            warn 'Using firewalld with K3s is not recommended. See https://docs.k3s.io/installation/requirements'
+        fi
+    fi
+    # --- debian/ubuntu ---
+    if [ -x /usr/sbin/ufw ]; then
+        $SUDO /usr/bin/ufw | grep -qw active && rc=$? || rc=$?
+        if [ $rc -eq "0" ]; then
+            warn 'Using ufw with K3s is not recommended. See https://docs.k3s.io/installation/requirements'
+        fi
+    fi
+}
+
 # --- add quotes to command arguments ---
 quote() {
     for arg in "$@"; do
@@ -212,11 +240,7 @@ setup_env() {
             ${invalid_chars}"
     fi
 
-    # --- use sudo if we are not already root ---
-    SUDO=sudo
-    if [ $(id -u) -eq 0 ]; then
-        SUDO=
-    fi
+    set_sudo_cmd
 
     # --- use systemd type if defined or create default ---
     if [ -n "${INSTALL_K3S_TYPE}" ]; then
@@ -1147,6 +1171,7 @@ eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@")
 # --- run the install process --
 {
     verify_system
+    warn_if_firewall_running
     setup_env "$@"
     download_and_verify
     setup_selinux

From fa315a1b3d3d2f8b87efe4074c68c4d73d3c2509 Mon Sep 17 00:00:00 2001
From: Will Stephenson <wstephenson@suse.com>
Date: Fri, 29 Aug 2025 23:06:15 +0200
Subject: [PATCH 2/2] Update cached sha256 for install.sh

Signed-off-by: Will Stephenson <wstephenson@suse.com>
---
 install.sh.sha256sum | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install.sh.sha256sum b/install.sh.sha256sum
index 6cfc6f3e0130..fc9d53a546d5 100644
--- a/install.sh.sha256sum
+++ b/install.sh.sha256sum
@@ -1 +1 @@
-48fe6ec10517263cc69e1c924cf6b283c59a2b942b9b46186fc7c8d29e6f243a  install.sh
+8b4a2fdc02e053c13705012b69f44a9bdb19c4fe656f783d95ee01a08e39c1e3  install.sh