On 04/18/2016 07:27 PM, Tom Eastep wrote:
> On 04/18/2016 09:40 AM, Farkas Levente wrote:
>> On 04/17/2016 06:35 PM, Tom Eastep wrote:
>>> On 04/17/2016 06:43 AM, Farkas Levente wrote:
>>>> On 04/15/2016 05:22 PM, Tom Eastep wrote:
>>>>> On 04/12/2016 09:36 AM, Farkas Levente wrote:
>>>>>> hi,
>>>>>> i see now shorewall supports docker and i read the docs:
>>>>>> http://shorewall.net/Docker.html
>>>>>> after i install it and compare the generated iptable rules and the
>>>>>> differences:
>>>>>> - shorewall create more rules than what docker itself add does really
>>>>>> all rules required?
>>>>>>
>>>>>> - after i stop docker use the shorewall generated rules and start again
>>>>>> docker it's add one more rule (so probably others are enough to use
>>>>>> docker). but this rule shouldn't have to be added by shorewall?
>>>>>> -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>>>>>
>>>>> The reason that Shorewall generates that rule is to handle *Shorewall*
>>>>> restart.
>>>>
>>>> the above rule was generated by docker not shorewall what's more this
>>>> rule not generated at all by shorewall ie this is the plus rule relative
>>>> to shorewall.
>>>
>>> So you are suggesting that Shorewall should generate that rule when it
>>> [re]starts?
>>
>> i only said these are the rules generated by docker on my system. and
>> these rules different from the shorewall generated rules.
>>
>
> Okay. I should note that Shorewall will also work with Docker if you
> *do not* define docker0 to Shorewall. I am beginning to think that is a
> better way to go, because then Shorewall simply copies/restores all
> existing rules associated with docker0.

maybe in this case, if docker changes what kind of rules it needs, you
don't have to change anything and always follow docker development.

-- 
  Levente                               "Si vis pacem para bellum!"

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users