
Firewalld integration #11883

Merged
merged 3 commits into from
Dec 14, 2020

Conversation

arkodg (Contributor) commented Dec 11, 2020

Added a section mentioning the firewalld integration
and added notes on handling issues we've seen in the
community

Relates to docker/for-linux#1163

Signed-off-by: Arko Dasgupta [email protected]

netlify bot commented Dec 11, 2020

✔️ Deploy preview for docsdocker ready!

🔨 Explore the source changes: c10041c

🔍 Inspect the deploy logs: https://app.netlify.com/sites/docsdocker/deploys/5fd75c7aca7edc000711e555

😎 Browse the preview: https://deploy-preview-11883--docsdocker.netlify.app

arkodg (Contributor, Author) commented Dec 11, 2020

should I also insert a `systemctl restart docker` in there?

network/iptables.md (outdated)

If you have [firewalld](https://firewalld.org) running on your system and are running Docker (with a version equal to or higher than `v20.10.0`) with `--iptables` enabled, Docker automatically creates a `firewalld` zone called `docker` and inserts all the network interfaces it creates (e.g. `docker0`) into the `docker` zone, which allows for seamless networking.

**Note**
Member


If you have manually added a known Docker interface such as `docker0` to a firewalld zone (such as `trusted`), and are experiencing any issues with starting the dockerd daemon due to an error similar to:

```console
failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone
```

Consider running the following firewalld command to remove the docker interface from the zone.

```console
# Please substitute the appropriate zone and docker interface
$ firewall-cmd --zone=trusted --remove-interface=docker0 --permanent
$ firewall-cmd --reload
```

Restarting the dockerd daemon inserts the interface into the docker zone.

Contributor Author


sgtm

Co-authored-by: Usha Mandya <[email protected]>
@usha-mandya usha-mandya merged commit 52fde1a into docker:master Dec 14, 2020
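As an added check (an example script, not part of the docs change in this PR or of Docker itself): parse the output of `firewall-cmd --get-active-zones` and report any Docker-managed interface that is still bound to a zone other than `docker`, which is the state behind the `ZONE_CONFLICT` error quoted in the suggestion above. The active-zones text below is constructed; on a live host pipe the real command's output into the function instead.

```shell
#!/bin/sh
# Added example, not from the docker docs or this PR.
# firewall-cmd --get-active-zones prints each zone name on its own line,
# followed by indented "interfaces:" / "sources:" lines listing bindings.
# This function prints "<interface> <zone>" for every Docker-looking
# interface (docker0, or a br-<id> bridge of a user-defined network) that
# is bound to a zone other than "docker", and returns 1 if any was found.
docker_zone_conflicts() {
    awk '
        # A non-indented line is a zone name; remember it for what follows.
        /^[^ \t]/ { zone = $1; next }
        # An indented "interfaces:" line lists the interfaces bound to it.
        /^[ \t]+interfaces:/ {
            for (i = 2; i <= NF; i++) {
                if (($i == "docker0" || $i ~ /^br-[0-9a-f]+$/) && zone != "docker") {
                    print $i, zone
                    found = 1
                }
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: docker0 was hand-added to "trusted" earlier, which is
# exactly what makes dockerd fail with ZONE_CONFLICT at startup.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
trusted
  interfaces: docker0
docker
  interfaces: br-3f2a9c1d8e4b'

# Prints "docker0 trusted" for the sample, then the remediation hint.
if printf '%s\n' "$SAMPLE_ACTIVE_ZONES" | docker_zone_conflicts; then
    echo "no Docker interface is bound outside the docker zone"
else
    echo "remove the interface(s) above from that zone, reload firewalld, then restart dockerd"
fi
```

Usage on a real host: `firewall-cmd --get-active-zones | docker_zone_conflicts` after sourcing the function; a non-zero exit status means the conflict is present.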
zanna-37

If I'm not wrong, masquerading and port forwarding are still done via iptables. Why isn't this specified in the documentation?
@arkodg @usha-mandya @thaJeztah
