Docker handling #5

Manually merged
lpoujol merged 2 commits from docker into master 2020-07-27 10:43:27 +02:00

2 Commits

Author SHA1 Message Date
Ludovic Poujol 7c384a777b
Better handling of Docker to match the usual minifirewall behaviour
Revert some changes from 0ec2cb2f4b
like the SERVICESTCP4 SERVICESUDP4

Instead, we'll re-create the usual behaviour of public, privileged and
trusted ports for docker when the variable DOCKER is set to "on"
2020-07-27 10:33:40 +02:00
Ludovic Poujol 0ec2cb2f4b
Make it compatible with docker
Add a new variable "DOCKER" that should be set to "on" when this is a
docker machine.

It will
- Disable the nat tables flush on stop/restart
  Reason: Not breaking outgoing networking for containers

- Create the "DOCKER-USER" chain, and add a DROP
  By default everything is closed and we don't expose services to the
  outside world

- Add rules in the "DOCKER-USER" chain to open services to the outside
  world.

Untested with swarm
2020-02-25 16:33:24 +01:00
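
The DOCKER-USER layout described in the 0ec2cb2f4b commit message (closed by default, then rules that open services), sketched as an added example that is not taken from the merged commits or from minifirewall's code. `EXT_IF`, `PUBLIC_TCP` and `TRUSTED_IPS` are hypothetical names with constructed values, and the script only prints the iptables commands, so it runs without root or Docker.

```shell
#!/bin/sh
# Added illustration, not minifirewall's code.
# Hypothetical variable names, constructed sample values.
EXT_IF="eth0"
PUBLIC_TCP="80 443"
TRUSTED_IPS="192.0.2.10 198.51.100.0/24"

docker_user_rules() {
    ext_if=$1; public_tcp=$2; trusted_ips=$3

    # Create the chain if Docker has not done so yet, then start clean.
    echo "iptables -N DOCKER-USER 2>/dev/null || true"
    echo "iptables -F DOCKER-USER"

    # Replies to connections opened by containers must get back in,
    # otherwise the final DROP breaks outgoing container networking.
    echo "iptables -A DOCKER-USER -i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"

    # Trusted sources reach every published port.
    # RETURN hands the packet back to Docker's own FORWARD rules.
    for ip in $trusted_ips; do
        echo "iptables -A DOCKER-USER -i $ext_if -s $ip -j RETURN"
    done

    # Public ports. DOCKER-USER sees packets after DNAT, so --dport would
    # match the container port; --ctorigdstport matches the published one.
    for port in $public_tcp; do
        echo "iptables -A DOCKER-USER -i $ext_if -p tcp -m conntrack --ctorigdstport $port -j RETURN"
    done

    # Default: anything else arriving from outside is dropped.
    echo "iptables -A DOCKER-USER -i $ext_if -j DROP"
}

docker_user_rules "$EXT_IF" "$PUBLIC_TCP" "$TRUSTED_IPS"
```

The DROP is scoped to the external interface so that traffic leaving the containers is not matched by it.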