On 02/13/2017 11:46 PM, Raphael Bauduin wrote:
> On Thu, Feb 9, 2017 at 12:47 PM, Raphael Bauduin <rbli...@gmail.com> wrote:
>
> On Wed, Jan 25, 2017 at 9:35 AM, Raphael Bauduin <rbli...@gmail.com> wrote:
>
> On Wed, Jan 25, 2017 at 1:50 AM, Tom Eastep <teas...@shorewall.net> wrote:
>
> On 01/24/2017 03:40 AM, Raphael Bauduin wrote:
>> Hi,
>>
>> I'm running shorewall 5.0.14.1 on centos 7.3.1611, and I have
>> enabled docker in shorewall.conf:
>>
>> # grep DOCKER shorewall.conf
>> DOCKER=Yes
>>
>> I have defined a zone for docker:
>>
>> # grep dock *
>> interfaces:dock docker0 bridge
>> policy:dock all REJECT info
>> zones:dock ipv4
>>
>> When I start shorewall, there is no DOCKER chain created:
>>
>> # iptables -t nat -L | grep -i docker | wc -l
>> 0
>>
>> From my understanding it should have been created. Am I wrong or
>> am I doing something wrong?
>>
>
> Shorewall only (re-)creates the chain if it exists before the
> (re-)start or reload.
>
> OK, thanks. I got in a situation where the DOCKER chain was absent.
> I think it was following a shorewall restore at boot when docker
> was already started. In that case, starting a container failed
> because docker expected the chain to be present, but it wasn't as
> the restore from shorewall had removed it.
>
> Hi,
>
> shorewall restart (or stop and start) seems to lose the DOCKER
> rules:
>
> # shorewall forget
> # systemctl restart docker
> # iptables -L -n | grep DOCKER
> DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
> DOCKER all -- 0.0.0.0/0 0.0.0.0/0
> Chain DOCKER (1 references)
> Chain DOCKER-ISOLATION (1 references)
> # shorewall restart > /tmp/out

With Docker running, does the DOCKER chain also exist in the nat table?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
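
Added example, not part of the thread and not Shorewall's or Docker's own code: a shell check for the question asked above, listing which tables in an iptables-save dump declare Docker's chains and which of those declarations are gone in a later dump. The function names are illustrative and both dumps are constructed samples.

```shell
#!/bin/sh
# Added example: which tables declare Docker's chains, and which of those
# declarations are missing after a firewall restart?

# docker_chains: iptables-save text on stdin -> sorted "table/chain" lines.
docker_chains() {
    awk '
        /^\*/      { table = substr($1, 2) }          # "*nat" opens a table
        /^:DOCKER/ { print table "/" substr($1, 2) }  # ":DOCKER - [0:0]"
    ' | LC_ALL=C sort
}

# lost_chains BEFORE AFTER: chains declared in BEFORE but absent from AFTER.
lost_chains() {
    lc_b=$(mktemp) lc_a=$(mktemp)
    printf '%s\n' "$1" | docker_chains > "$lc_b"
    printf '%s\n' "$2" | docker_chains > "$lc_a"
    LC_ALL=C comm -23 "$lc_b" "$lc_a"
    rm -f "$lc_b" "$lc_a"
}

# Constructed sample dumps (not taken from the poster's host).
BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
COMMIT'
AFTER='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
COMMIT'

# On a real host: BEFORE=$(iptables-save); shorewall restart; AFTER=$(iptables-save)
lost_chains "$BEFORE" "$AFTER"
```

An empty result means every Docker chain declared before the restart is still declared afterwards, in the same table.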