On 13.11.18 at 22:04, Dmitry Smirnov wrote:
> On Wednesday, 14 November 2018 6:38:05 AM AEDT Michael Biebl wrote:
>> firewalld switched its default backend from iptables to nftables
>> recently [1]. Unfortunately, this caused issues with libvirt and as
>> reported in [2], also docker. I don't use docker myself, so I'm only
>> relaying this information.
>> The main problem seems to be that currently there is no integration
>> between docker and firewalld. Both manage firewall rules on their own.
>> As soon as nftables(firewalld) and iptables(docker) are mixed, the
>> result is a broken network setup.
>> Please consider forwarding this issue upstream. Best is probably if
>> docker upstream gets in touch with firewalld upstream to figure a
>> solution.
>
> Docker is not great on cooperation (to say the least) and they are perfectly
> happy with Docker managing iptables in the way that's incompatible with
> everything else. Even trivial bugs like #903635 are practically neglected by
> upstream. I have little confidence in upstream motivation to work on this
> issue...

Thanks for your feedback, Dmitry.

For clarification: I patched firewalld downstream in Debian to default to iptables for now. That said, I would like to / plan to drop this patch again in buster+1.

Regards,
Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

