On Wed, Jan 25, 2017 at 1:50 AM, Tom Eastep <teas...@shorewall.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 01/24/2017 03:40 AM, Raphael Bauduin wrote:
> > Hi,
> >
> > I'm running shorewall 5.0.14.1 on centos 7.3.1611, and I have
> > enabled docker in shorwall.conf:
> >
> > # grep DOCKER shorewall.conf DOCKER=Yes
> >
> > I have defined a zone for docker:
> >
> > # grep dock * interfaces:dock docker0 bridge policy:dock all
> > REJECT info zones:dock ipv4
> >
> > when I start shorewall, there is no DOCKER chain created:
> >
> > # iptables -t nat -L | grep -i docker | wc -l 0
> >
> > From my undestanding it should have been created. Am I wrong or am
> > I doing something wrong?
> >
>
> Shorewall only (re-)creates the chain if it exists before the
> (re-)start or reload.
OK, thanks. I got in a situation where the DOCKER chain was absent. I think
it was following a shorewall restore at boot when docker was already
started.
In that case, starting a container failed because docker expected the chain
to be present, but it wasn't as the restore from shorewall had removed it.
Raphaël
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
