Docker does not check kernel's setting concerning bridge traffic filtering #11404
The kernel has several parameters controlling filtering of bridge traffic (viz sysctl entries):
Their default value on Fedora/RHEL systems is 0 (since bug #512206). Therefore, by default, iptables' rules do not affect bridge's traffic. Thus docker images are allowed to communicate regardless of
Docker should check these parameters and refuse to start if inter-container communication is prohibited with
I assume that checking
I'll post a PR concerning this issue later today.
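
One way to implement the startup check this issue asks for, as an added example that is neither the PR mentioned above nor Docker's own code. It assumes the standard kernel entries `bridge-nf-call-iptables` and `bridge-nf-call-ip6tables` under `/proc/sys/net/bridge`; `CheckBridgeFiltering` and `iccDisabled` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Assumed sysctl entries; the issue's own list did not survive on this page.
var bridgeNfKeys = []string{"bridge-nf-call-iptables", "bridge-nf-call-ip6tables"}

// CheckBridgeFiltering returns an error when inter-container communication
// is meant to be blocked (iccDisabled, a hypothetical flag) but the kernel
// does not hand bridged traffic to iptables, so the blocking rules would
// never be evaluated. procRoot is normally "/proc/sys/net/bridge".
func CheckBridgeFiltering(procRoot string, iccDisabled bool) error {
	if !iccDisabled {
		return nil // no iptables-based isolation requested, nothing to verify
	}
	var problems []string
	for _, key := range bridgeNfKeys {
		raw, err := os.ReadFile(filepath.Join(procRoot, key))
		if errors.Is(err, os.ErrNotExist) {
			// Entry absent: bridge netfilter support is not available.
			problems = append(problems, key+": missing")
			continue
		}
		if err != nil {
			problems = append(problems, fmt.Sprintf("%s: %v", key, err))
			continue
		}
		if v := strings.TrimSpace(string(raw)); v != "1" {
			problems = append(problems, fmt.Sprintf("%s=%s (want 1)", key, v))
		}
	}
	if len(problems) > 0 {
		return fmt.Errorf("bridge traffic bypasses iptables: %s", strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	if err := CheckBridgeFiltering("/proc/sys/net/bridge", true); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Println("bridge traffic is filtered by iptables")
}
```

The check fails closed: a missing or unreadable entry is treated the same as a value of 0, because in both cases the isolation rules cannot be relied on.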