Less ambiguity about iptables and docker + firewalld

[vijdz]

Is this a docs issue?

• My issue is about the documentation content or website

Type of issue

Other

Location

https://docs.docker.com/network/packet-filtering-firewalls#integration-with-firewalld

Description

Current text :

If you are running Docker with firewalld on your system with --iptables enabled, Docker automatically creates a firewalld zone called docker and inserts all the network interfaces it creates (for example, docker0) into the docker zone to allow seamless networking.

It is unclear if we need to have docker with --iptables or firewalld with iptables backend (instead of nftables), since they both provide such an option. Which one is it ? It seems we talk about firewalld, but I guess we're talking about "DOCKER_OPTS=--iptables" ?

Suggestion

If you are running Docker with --iptables and firewalld is enabled on your system, Docker automatically creates a firewalld zone called docker and inserts all the network interfaces it creates (for example, docker0) into the docker zone to allow seamless networking.

[dvdksn]

cc @robmry

[docker-robot]

There hasn't been any activity on this issue for a long time.
If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment.
If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

[robmry]

/remove-lifecycle stale

[robmry]

The suggestion LGTM.

(There's no --iptables option in firewalld or firewall-cmd - so I think the existing text ends up being unambiguous, but the proposed text is clearer.)