DOCKER iptables chain problem when used with geerlingguy.firewall #21
I have a simple playbook
After successful completion running
Workaround is to restart the Docker service
Docker modifies iptables to fit its needs at the time that a container is run. I'm not sure about that other role since we use our own solution, but we manage our own firewall just like you seem to be doing. My guess at the issue is that docker is messing with some of your firewall rules or your firewall isn't allowing docker to make those rules. This is what we do to solve these conflicts.
First, we configure docker to not touch iptables at all. You can do this by making/editing the
Next you will want to add some iptables commands to your scripts to do the work that docker would have.
Doing this will set up the rules that docker will use to connect different containers and allow them to communicate with the outside world. We use this on several production servers without issue.
Interesting... I might need to do this. Currently, I have a bit of a hack to just do a
But making this role integrate better with the
Don't worry, I'm still thinking about the best fix here. Testing some things now because I'm tired of my first build failing for many of my servers.
For now, the simplest fix (until this issue is closed) is to do one of the following:
Also, the full error message on first start, for posterity:
referenced this issue
May 2, 2018
Fix is in 07e05ef, and that's probably the simplest solution while keeping your firewall rules and configuration somewhat sane—basically make sure you run the
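A check for the condition this thread describes (a firewall reload leaving Docker without its iptables chains), as an added example that is not part of the issue or of the role's code. The function name, the expected chain list (a `DOCKER` chain in the `nat` and `filter` tables, Docker's default bridge setup) and both sample rulesets are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report Docker iptables chains that a firewall reload removed.
# Live use (as root): iptables-save | missing_docker_chains

# Reads iptables-save text on stdin and prints "table:chain" for each expected
# chain that is not declared. The expected list is an assumption based on
# Docker's default bridge networking (a DOCKER chain in nat and in filter).
missing_docker_chains() {
  awk -v want="nat:DOCKER filter:DOCKER" '
    /^\*/ { table = substr($0, 2) }              # "*nat" opens a table section
    /^:/  { seen[table ":" substr($1, 2)] = 1 }  # ":DOCKER - [0:0]" declares a chain
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++) if (!(w[i] in seen)) print w[i]
    }'
}

# Constructed sample: ruleset right after a firewall script flushed and rebuilt it.
FLUSHED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: ruleset with the Docker chains present.
HEALTHY='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT'

report() {  # $1 = label, $2 = iptables-save text
  missing=$(printf '%s\n' "$2" | missing_docker_chains | tr '\n' ' ')
  printf '%s: %s\n' "$1" "${missing:-all Docker chains present}"
}
report "after firewall flush" "$FLUSHED"
report "with Docker chains" "$HEALTHY"
```

If the function prints anything on a live host, the workaround from this thread applies: restart the Docker service so it recreates its chains.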