On 9/1/2021 10:55 AM, Franz Holzinger wrote:
>>> I have this policy file:
>>> fw net ACCEPT
>>> fw dock ACCEPT
>>> dock all ACCEPT
>>> net all DROP info
>>> all all REJECT info
>>>
> 
>> Given the last policy, are you seeing anything in the log (REJECT for
>> that port)?
> I get these logfile entries for the DDEV url 
> https://umgebung1.ddev.site:8443/:
> 
> Sep 1 10:36:44 franz-820 kernel: [16328.774791] INPUT REJECT 
> IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8 
> MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1 
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868 
> WINDOW=65160 RES=0x00 ACK SYN URGP=0
> Sep 1 10:36:59 franz-820 slack.desktop[2342]: [09/01/21, 10:36:59:270] info: 
> [DND] (T024TUMLZ) Checking for changes in DND status for the following 
> members: U07FRBCHE
> Sep 1 10:36:59 franz-820 slack.desktop[2342]: [09/01/21, 10:36:59:270] info: 
> [DND] (T024TUMLZ) Will check for changes in DND status again in 5 minutes
> Sep 1 10:37:00 franz-820 kernel: [16345.158548] INPUT REJECT 
> IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8 
> MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1 
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868 
> WINDOW=65160 RES=0x00 ACK SYN URGP=0
> 
> 
> shorewall logwatch:
> 
> Sep 1 10:52:19 INPUT REJECT IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8 
> SRC=172.18.0.6 DST=172.18.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
> PROTO=TCP SPT=8443 DPT=37382 WINDOW=65160 RES=0x00 ACK SYN URGP=0
> 

Clearly the traffic between interfaces (br-81fbb014aa75 and veth0bab8b8)
is rejected.

Are the containers on a bridge?

It looks like the interfaces are not properly defined in the zones.

You said that you used 'docker0' in your interfaces file.

-- 
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
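
An added example, not part of the original message or of Shorewall: a small Python check that parses netfilter log entries like the ones quoted above and counts blocked packets per input interface that no interfaces-file entry covers. The declared list (`docker0`, as mentioned in the reply) and all function names are assumptions; a trailing `+` is treated as Shorewall's interface-name wildcard.

```python
import re
from collections import Counter

# Constructed sample: the log entries quoted in the message, one entry per line.
SAMPLE_LOG = """\
Sep 1 10:36:44 franz-820 kernel: [16328.774791] INPUT REJECT IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8 MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868 WINDOW=65160 RES=0x00 ACK SYN URGP=0
Sep 1 10:36:59 franz-820 slack.desktop[2342]: [09/01/21, 10:36:59:270] info: [DND] (T024TUMLZ) Will check for changes in DND status again in 5 minutes
Sep 1 10:37:00 franz-820 kernel: [16345.158548] INPUT REJECT IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8 MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868 WINDOW=65160 RES=0x00 ACK SYN URGP=0
"""

ENTRY = re.compile(r"\b(?P<chain>\S+) (?P<verdict>ACCEPT|DROP|REJECT) (?P<rest>IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return the fields of one netfilter log entry, or None for other lines."""
    m = ENTRY.search(line)
    if m is None:
        return None
    tokens = m.group("rest").split()
    entry = dict(t.split("=", 1) for t in tokens if "=" in t)
    entry["chain"] = m.group("chain")
    entry["verdict"] = m.group("verdict")
    entry["flags"] = {t for t in tokens if t in TCP_FLAGS}
    return entry


def iface_matches(name, pattern):
    """Exact match, or prefix match when the pattern ends in the '+' wildcard."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return name == pattern


def undeclared_interfaces(log_text, declared):
    """Count blocked packets per input interface that no declared entry covers."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["verdict"] == "ACCEPT":
            continue
        iface = entry.get("IN", "")
        if iface and not any(iface_matches(iface, p) for p in declared):
            hits[iface] += 1
    return dict(hits)


if __name__ == "__main__":
    print(undeclared_interfaces(SAMPLE_LOG, ["docker0"]))
```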
