On 04/12/2016 09:36 AM, Farkas Levente wrote:
> Hi,
> I see now Shorewall supports Docker and I read the docs:
> http://shorewall.net/Docker.html
> After I installed it, I compared the generated iptables rules, and the
> differences are:
> - Shorewall creates more rules than what Docker itself adds. Are all
> of the rules really required?
> 
> - After I stop Docker, use the Shorewall-generated rules and start Docker
> again, it adds one more rule (so probably the others are enough to use
> Docker). But this rule shouldn't have to be added by Shorewall?
> -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

The reason that Shorewall generates that rule is to handle *Shorewall*
restart.

> 
> - Without really trying to understand all the rules, the main difference is that
> Shorewall accepts and masquerades all 80 and 443 connections to the Docker
> network. Is it by design? Since by default Docker does not create such rules.
> 

I don't run Docker and I don't plan to -- I got the ruleset from another
Docker user who claimed that Docker was generating the rules.

Again, Shorewall is generating these rules so that it doesn't break
Docker when Shorewall restarts/reloads.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
