Last active November 5, 2021 05:38
dualfade/fea1b8efcc6125c2c7b11cb92ac1a90c
BlackArch / ArchLinux Latest --
Docker UFW issues --
## This is not working anymore with docker-compose --
## see below --
daemon.json update --
% cat /etc/docker/daemon.json
{
  "iptables": false
}
## update for multi-network --
## docker-compose and friends --
## need to remove iptables for routing to work correctly
## not sure if this is an issue yet; will update if so.
## https://straz.to/2021-09-08-docker-address-pools/
## yeah this does not abide by iptables fw rules
## will need to fix --
## can try iptables: true ????
{
  "default-address-pools" : [
    {
      "base" : "172.17.0.0/12",
      "size" : 20
    },
    {
      "base" : "192.168.1.0/16",
      "size" : 24
    }
  ],
  "dns": ["8.8.8.8", "9.9.9.9"]
}
ufw default fwd policy update --
% cat /etc/default/ufw | ag DEFAULT_FORWARD_POLICY
DEFAULT_FORWARD_POLICY="ACCEPT"
ufw before.rules --
/etc/ufw/before.rules - add NAT entry
# Don't delete these required lines, otherwise there will be errors
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
COMMIT
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
----- snip ------
All should play nice again with Docker and make it obey the ufw iptables rules.
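A small sanity checker for the two files above, added here as an example and not part of the gist: it parses the daemon.json default-address-pools, flags bases with host bits set (reporting the network address that actually results) and sizes smaller than the base prefix, and lists pools that no POSTROUTING MASQUERADE -s subnet in before.rules fully covers. The sample inputs are constructed copies of the snippets above, and the rule regex assumes one rule per line.

```python
import ipaddress
import json
import re

# Constructed sample input mirroring the gist's multi-network daemon.json.
DAEMON_JSON = """{
  "default-address-pools": [
    {"base": "172.17.0.0/12", "size": 20},
    {"base": "192.168.1.0/16", "size": 24}
  ],
  "dns": ["8.8.8.8", "9.9.9.9"]
}"""

# Constructed sample input mirroring the NAT entry added to /etc/ufw/before.rules.
BEFORE_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
COMMIT
"""

# Source subnet (-s) of each POSTROUTING MASQUERADE rule, one rule per line.
MASQ_RE = re.compile(r"^-A POSTROUTING\b.*?-s\s+(\S+).*?-j MASQUERADE", re.M)

def check_pools(daemon_json: str) -> list[str]:
    """Flag pool bases with host bits set and sizes smaller than the base prefix."""
    findings = []
    for pool in json.loads(daemon_json).get("default-address-pools", []):
        base, size = pool["base"], int(pool["size"])
        net = ipaddress.ip_network(base, strict=False)  # strict=False: tolerate host bits
        if str(net) != base:
            findings.append(f"{base}: host bits set; network is {net}")
        if size < net.prefixlen:
            findings.append(f"{base}: size {size} is smaller than base prefix /{net.prefixlen}")
    return findings

def masquerade_sources(before_rules: str) -> list[ipaddress.IPv4Network]:
    """Parse the -s subnet of every POSTROUTING MASQUERADE rule in before.rules."""
    return [ipaddress.ip_network(s, strict=False) for s in MASQ_RE.findall(before_rules)]

def uncovered_pools(daemon_json: str, before_rules: str) -> list[str]:
    """Pools that no MASQUERADE -s subnet fully covers, i.e. not all of their subnets get NAT."""
    sources = masquerade_sources(before_rules)
    pools = json.loads(daemon_json).get("default-address-pools", [])
    nets = [ipaddress.ip_network(p["base"], strict=False) for p in pools]
    return [str(n) for n in nets if not any(n.subnet_of(s) for s in sources)]
```

Run against the gist's own values it reports both bases as misaligned and neither pool as covered by the single 172.17.0.0/16 MASQUERADE rule, which is worth checking when compose networks lose outbound connectivity.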