Uzair Shamim wrote:
On 04/28/2015 10:34 AM, Uzair Shamim wrote:
On 04/28/2015 04:59 AM, Marcus Meissner wrote:
On Tue, Apr 28, 2015 at 10:43:07AM +0200, Per Jessen wrote:
Uzair Shamim wrote:
I am trying to setup a machine with some docker containers but the default suse firewall is interfering. Normally I would just add the required rules to iptables for NAT and forwarding but it seems suse firewall does not recognize the interface connected to docker so I cannot add rules to allow traffic to/from it. Is there a way to disable the SuSEFirewall and just use plain old iptables?
Yep, that's exactly what you do - disable (or even uninstall) the openSUSE firewall, then add your own iptables script.
What interface is detected? SuSEfirewall would probably put it in the external zone by default.
Ciao, Marcus
@Per Jessen So its fine if I just disable the SuSEFirewall and then build iptables as desired? Obviously I will have to add all the rules I need but this wont cause any known issues? Sounds like a plan.
Just tried this. There is no iptables service, how can I control (start/stop) iptables?
Apologies, I assumed you were familiar with how to build a firewall using iptables. It is typically just a script filled with iptables commands which construct the firewall setup. Such a script is easily called with a systemd service unit: [Unit] Description=firewall After=network.target [Service] Type=oneshot ExecStart=/usr/sbin/firewall ExecStop=/usr/sbin/firewall stop RemainAfterExit=yes [Install] WantedBy=multi-user.target If you don't have a firewall script/setup already built and ready to use, you'e probably better of with using the openSUSE firewall. -- Per Jessen, Zürich (9.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org