Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

documentation: iptables and firewalld issues #1692

Closed
joaofnfernandes opened this issue Feb 15, 2017 · 2 comments
Closed

documentation: iptables and firewalld issues #1692

joaofnfernandes opened this issue Feb 15, 2017 · 2 comments
Assignees
@mdlinville
Labels
area/engine Issue affects Docker engine/daemon lifecycle/locked
Milestone
network-rewrite

Comments

@joaofnfernandes
Copy link
Contributor

joaofnfernandes commented Feb 15, 2017
edited

@yongshin commented

The customer was frustrated because he didn't understand how Docker natively changes your iptables config: https://docs.docker.com/engine/userguide/networking/default_network/container-communication/#communicating-to-the-outside-world . It is possible to run docker without changing iptables but I don't know if its possible to do for UCP. Either way, the customer wishes this assumption that Docker will change your iptable config is documented:

I just reinstalled UCP on cloud01 again. Later, I realized that Docker, or UCP, will dynamically add firewall rules to the firewall. I realized that if I restart iptables/Netfilter, iptables will also remove any Firewall rules, which will lead to connectivity issues. As a workaround, I need to make sure that I restart the Docker daemon after iptables is restarted, every time.

The same thing can be said with firewalld since firewalld uses iptables underneath the hood.
@joaofnfernandes joaofnfernandes added hackaton area/Enterprise Issue affects Docker Enterprise labels Feb 15, 2017
@joaofnfernandes joaofnfernandes added area/engine Issue affects Docker engine/daemon and removed area/Enterprise Issue affects Docker Enterprise ddc-hackathon labels Apr 11, 2017
@mdlinville
Copy link

Please see if the docs for https://docs.docker.com/engine/userguide/networking/#docker-and-iptables address this. You may want to add appropriate links in UCP docs to point them there.

@mdlinville mdlinville modified the milestone: engine/17.09 Aug 23, 2017
@mdlinville mdlinville modified the milestones: engine/17.09, engine/17.10 Sep 29, 2017
@mdlinville mdlinville modified the milestones: engine/17.10, engine/17.11 Oct 20, 2017
@mdlinville mdlinville modified the milestones: engine/17.11, engine/17.12 Nov 21, 2017
@mdlinville mdlinville mentioned this issue Feb 6, 2018
Merged
@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

/lifecycle locked

@docker docker locked and limited conversation to collaborators Mar 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mdlinville mdlinville

Labels
area/engine Issue affects Docker engine/daemon lifecycle/locked
Projects
None yet
Milestone
network-rewrite
Development

No branches or pull requests
3 participants
@joaofnfernandes @mdlinville @docker-robott