Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates for moby 28.0.1 #22086

Merged
merged 3 commits into from
Feb 26, 2025
Merged

Updates for moby 28.0.1 #22086

merged 3 commits into from
Feb 26, 2025

Conversation

robmry
Copy link
Contributor

@robmry robmry commented Feb 23, 2025

Description

  • Describe new iptables chain DOCKER-FORWARD, which splits Docker's rules out of the main FORWARD chain where they were being antisocial - related to Add chain DOCKER-FORWARD moby/moby#49518
  • Update notes about IP Forwarding and the default DROP policy
  • Only engine < 28.0.0 allows remote access to ports published to the localhost address

Related issues or tickets

Reviews

  • Technical review
  • Editorial review
  • Product review

@robmry
Add new DOCKER-FORWARD chain to the iptables description
4c517e9 
Signed-off-by: Rob Murray <rob.murray@docker.com>
@github-actions github-actions bot added area/engine Issue affects Docker engine/daemon area/networking Relates to anything around networking labels Feb 23, 2025
@netlify Netlify
Copy link

netlify bot commented Feb 23, 2025
edited
Loading

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 0a94868
🔍 Latest deploy log https://app.netlify.com/sites/docsdocker/deploys/67bc4c01f2e13c000866f973
😎 Deploy Preview https://deploy-preview-22086--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@robmry robmry marked this pull request as ready for review February 23, 2025 12:44
@robmry
Update notes about IP Forwarding and the default DROP policy
1302418 
Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry
Only engine < 28.0.0 allows remote access to localhost ports
0a94868 
Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry robmry force-pushed the add_docker_forward_moby_28.0.1 branch from 69cc8ea to 0a94868 Compare February 24, 2025 10:37
@thaJeztah
Copy link
Member

Just a quick check, because I tend to zone out on iptables rules 😂 - with the rewrite, the docs are still usable for those who didn't update to v28.0.0 / v28.0.1, or is there a differentiation we need to make ("if you're running < v28.0, then ....")?

I know we try to keep our docs reflect "current version" in most cases, but just in case it's relevant for people who are not yet on latest.

@robmry
Copy link
Contributor Author

robmry commented Feb 24, 2025

Just a quick check, because I tend to zone out on iptables rules 😂 - with the rewrite, the docs are still usable for those who didn't update to v28.0.0 / v28.0.1, or is there a differentiation we need to make ("if you're running < v28.0, then ....")?

I know we try to keep our docs reflect "current version" in most cases, but just in case it's relevant for people who are not yet on latest.

I think it's ok ... in the third commit I left in the warning about remote access to ports published to 127.0.0.1 ("In releases older than 28.0.0 ..."). And, in the second commit I noted the change in setting the FORWARD policy to DROP (with another "In releases older than 28.0.0, ..." warning).

@thaJeztah
Copy link
Member

☝️ to prevent accidental merge; I think these docs changes should go in after we did the v28.0.1 release, so don't merge yet until we did to prevent confusion 😅

@aevesdocker aevesdocker added the status/do-not-merge Pull requests that are awaiting some event or decision before they can be merged. label Feb 24, 2025
@thaJeztah thaJeztah mentioned this pull request Feb 26, 2025
Merged
3 tasks
@aevesdocker aevesdocker removed the status/do-not-merge Pull requests that are awaiting some event or decision before they can be merged. label Feb 26, 2025
@aevesdocker aevesdocker merged commit 2090e5b into docker:main Feb 26, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akerouanton akerouanton

@aevesdocker aevesdocker

@thaJeztah thaJeztah

Assignees
No one assigned
Labels
area/engine Issue affects Docker engine/daemon area/networking Relates to anything around networking
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@robmry @thaJeztah @akerouanton @aevesdocker