Firewalld integration (#11883)
* Firewalld integration

Added a section mentioning the firewalld integration
and added notes on handling issues we've seen in the
community

Relates to docker/for-linux#1163

Signed-off-by: Arko Dasgupta <[email protected]>

* Update network/iptables.md

Co-authored-by: Usha Mandya <[email protected]>

* Minor style edits

Co-authored-by: Usha Mandya <[email protected]>
arkodg and usha-mandya authored Dec 14, 2020
1 parent 681be44 commit 52fde1a
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions network/iptables.md
Expand Up @@ -93,3 +93,17 @@ any address on the host. If you want to change that behavior to only
expose ports on an internal IP address, you can use the `--ip` option to
specify a different IP address. However, setting `--ip` only changes the
_default_, it does not _restrict_ services to that IP.

## Integration with Firewalld

If you are running Docker version 20.10.0 or higher with [firewalld](https://firewalld.org){: target="blank" rel="noopener" class=“”} on your system with `--iptables` enabled, Docker automatically creates a `firewalld` zone called `docker` and inserts all the network interfaces it creates (for example, `docker0`) into the `docker` zone to allow seamless networking.

Consider running the following `firewalld` command to remove the docker interface from the zone.

```bash
# Please substitute the appropriate zone and docker interface
$ firewall-cmd --zone=trusted --remove-interface=docker0 --permanent
$ firewall-cmd --reload
```

Restarting `dockerd` daemon inserts the interface into the `docker` zone.
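
Review bot: the sentence "Consider running the following `firewalld` command to remove the docker interface from the zone" does not say which zone is meant or under what condition a reader should do this, and the example uses `--zone=trusted` while the preceding paragraph only ever mentions the `docker` zone. Please state the problem this step addresses (the commit message refers to issues seen in the community, but the text does not name them) and explain why the interface would be in a zone other than `docker`, so that readers do not move interfaces between zones without knowing the effect on their firewall policy. The new section also never says what traffic the `docker` zone permits, which is what an administrator needs in order to judge "allow seamless networking". The closing line "Restarting `dockerd` daemon inserts the interface into the `docker` zone" reads as either a required follow-up step or a side effect; wording such as "Then restart the `dockerd` daemon so that it inserts the interface into the `docker` zone" would remove the ambiguity if the former is intended. Two markup points on the firewalld link: `class=“”` uses typographic quotes, which are likely to break the attribute list, and `target="blank"` was probably meant to be `target="_blank"`.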
