-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/28/2015 04:59 AM, Marcus Meissner wrote:
On Tue, Apr 28, 2015 at 10:43:07AM +0200, Per Jessen wrote:
Uzair Shamim wrote:
I am trying to setup a machine with some docker containers but the default suse firewall is interfering. Normally I would just add the required rules to iptables for NAT and forwarding but it seems suse firewall does not recognize the interface connected to docker so I cannot add rules to allow traffic to/from it. Is there a way to disable the SuSEFirewall and just use plain old iptables?
Yep, that's exactly what you do - disable (or even uninstall) the openSUSE firewall, then add your own iptables script.
What interface is detected? SuSEfirewall would probably put it in the external zone by default.
Ciao, Marcus
@Per Jessen So its fine if I just disable the SuSEFirewall and then build iptables as desired? Obviously I will have to add all the rules I need but this wont cause any known issues? Sounds like a plan. @Marcus Meissner SuSEFirewall does not detect the docker interface. It is fine with non docker virtual interfaces (like those created by libvirt) but it seems it does not know how to handle the interface docker creates. So since it relies on Masquerade/port forward on a interface basis (rather than say with iptables alone where you can just specify the IPs) its unable to even be configured for this. See: http://paste.opensuse.org/view/raw/59129206 and http://paste.opensuse.org/view/raw/17876326 - -- Regards, Uzair Shamim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVP5p8AAoJEM66EOTZRH6+vUgP+wQ4dLodva/9nOf8ZWS1q/Ej 6X6fwm4ryZi3KdacUPM51j/m0gzv1oA/3JeUYWfbZ3Akj/5rZLrjn0jHNT8MKK9h gSaBYa5pMNMfknown4+uAt2JQMtSsXpPIzBxoKnqWvSQ7fsxBgZWKsteInf696ik vt84mRiC2YXqPSAZ6bWkE7hGVFwQpB5SquEqBKmXgpiSRewOuKmFhLR+Nx33uSiu uCVTLdkaZafnOB4TExKiyEVJ8VYoqhujf9daL/OsGzcZPQ3Kj1uNVsHW9jFxc5RP 5W6QjfW0xK0szO4WBKphghvGrpQiO7pq0oBtFAop0zzJuiWmH9OTHieS6VSlpLno rGQIHhJ8lhT1HRmpGFHrg8SsW8gBIwrSDl9N7mcZwiHWFnoqfII9gbQZZooF83/G DowcO2B005VxDkdr7HXX/KqzzmrDCGqp6I7hqWwHmkCtqDMxWb+HUbVRrPKED+AY XMQ5aJme9oZDe/K303g26JRq9Hgu9YvxK9SmdHm+kpJ8Gmf/iNsyhuw+93NMbjI8 Oek3lEk3pcr1orYnF/xuuccr+E0P6iLsHBip+DMSbIblRWJC9NRhDyzyGz1hmQJH TLUql5VryeK1Jd6Ckv1SOsO3/HWLTnDUuEauitVQzZGK3YfGe7rQfHrJfW+4BrYO ISYDQj1FJhunJwfUdcqz =XZnk -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org