On 06/21/2018 01:31 PM, Connor Schlesiger wrote:
> Greetings,
> 
> I am using Docker with Shorewall and the two work quite well together.
> However, with `docker-compose` I have run into scenarios where I must
> create a new bridge.
> 
> With docker-compose, it is possible to name the new bridge. For example:
> 
> ```
> # docker-compose.yml
> 
> networks:
>   router:
>     driver: bridge
>     driver_opts:
>       com.docker.network.bridge.name: docker1
> ```
> 
> I then add `docker1` to the Shorewall `interfaces` config:
> 
> ```
> #ZONE           INTERFACE               OPTIONS
> # ...
> dock            docker0                 optional,bridge,routeback
> dock            docker1                 optional,bridge,routeback
> ```
> 
> However, Shorewall will only restore `docker0` on restart, while
> `docker1` iptables will be lost.
> 
> I'd like to suggest a change to the `shorewall.conf`. It would be nice
> if instead of only `DOCKER=No` and `DOCKER=Yes`, we had the ability to
> also supply the docker interfaces. For example, `DOCKER=docker0`, or
> `DOCKER=docker0,docker1`, or perhaps a second parameter such as
> `DOCKER_INTERFACES=docker0,docker1` combined with `DOCKER=Yes`. Then on
> Shorewall restart, the script responsible for restoring the Docker
> iptables could repeat over each interface supplied.
> 
> Unless of course I have missed something and there is another solution.
> 

I'll put something in 5.2.1-Beta2 if you are willing to test it :-)

Regards,
-Tom

-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
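
Added example, not part of the original messages and not Shorewall's own code: a small shell check that lists the bridge interfaces declared in a Shorewall `interfaces` file other than `docker0`, that is, the ones the report above says lose their iptables rules on restart. The function names and the `net`/`eth0` sample line are assumptions; the `dock` lines are the ones quoted in the message.

```shell
#!/bin/sh
# Print every interface in a Shorewall interfaces file that carries the
# "bridge" option and is not docker0. Per the report above, these are the
# bridges whose Docker rules are not restored on a Shorewall restart.
non_default_bridges() {
    # $1: path to the interfaces file (ZONE INTERFACE OPTIONS columns)
    awk '
        { sub(/#.*/, "") }            # drop full-line and trailing comments
        NF < 2 || /^\?/ { next }      # skip blank lines and ?FORMAT-style directives
        {
            n = split($3, opts, ",")  # OPTIONS is a comma-separated list
            for (i = 1; i <= n; i++)
                if (opts[i] == "bridge" && $2 != "docker0") { print $2; break }
        }
    ' "$1"
}

# Demo input: the two dock entries from the message plus one constructed
# non-bridge line (net/eth0 is an assumption, not from the thread).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#ZONE           INTERFACE               OPTIONS
net             eth0                    dhcp,tcpflags
dock            docker0                 optional,bridge,routeback
dock            docker1                 optional,bridge,routeback
EOF
    non_default_bridges "$tmp"
    rm -f "$tmp"
}

demo
```

On a real host, point `non_default_bridges` at the configured interfaces file (typically `/etc/shorewall/interfaces`) to see which named compose bridges need attention after a restart.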
