What is docker0 interface in firewalld configuration?
Hi,
I just started a newly installed Tumbleweed system, which now uses nftables instead of iptables for firewalld.
The (new?) default zone for firewalld is public, so all incoming traffic on interfaces goes there if an interface is not connected to a zone. This is now the default; on my other system it is external. This zone "public" allows "services: dhcpv6-client ssh". I will remove ssh from this zone and put a number of source addresses in internal, which allows "services: dhcpv6-client mdns samba-client ssh", so also ssh. This restricts ssh access only to these addresses.
I am puzzled about a new zone "docker", which shows up when I use "firewall-cmd --get-active-zones". I get zone "docker" and in it: "target: ACCEPT" and "interfaces: docker0". I can't find a /dev/docker0.
What is docker0?
--
fr.gr.
member openSUSE
Freek de Kruijf
Moin,
On Wed, 16 Dec 2020, 14:28:16 +0100, Freek de Kruijf wrote:
Hi,
I just started a newly installed Tumbleweed system, which now uses nftables instead of iptables for firewalld.
The (new?) default zone for firewalld is public, so all incoming traffic on interfaces goes there if an interface is not connected to a zone. This is now the default; on my other system it is external. This zone "public" allows "services: dhcpv6-client ssh". I will remove ssh from this zone and put a number of source addresses in internal, which allows "services: dhcpv6-client mdns samba-client ssh", so also ssh. This restricts ssh access only to these addresses.
I am puzzled about a new zone "docker", which shows up when I use "firewall-cmd --get-active-zones". I get zone "docker" and in it: "target: ACCEPT" and "interfaces: docker0". I can't find a /dev/docker0.
What is docker0?
if you enable docker.service, you'll get a new network bridge named "docker0" to deal with all the traffic for/from any docker based containers.
HTH, cheers.
l8er
manfred
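Added example, not part of the thread: a small audit that lists firewalld zones whose target is ACCEPT together with their bound interfaces, and checks in sysfs whether each interface is a bridge (network interfaces live under /sys/class/net, not /dev). The function names are hypothetical and the zone listing is constructed in the layout of `firewall-cmd --list-all-zones`.

```shell
#!/bin/sh
# Added example; sample_zones, accept_zones and iface_kind are hypothetical names.

# Constructed sample in the layout of `firewall-cmd --list-all-zones`.
sample_zones() {
cat <<'EOF'
docker (active)
  target: ACCEPT
  interfaces: docker0
  services:

internal (active)
  target: default
  interfaces:
  sources: 192.0.2.10
  services: dhcpv6-client mdns samba-client ssh

public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
EOF
}

# Print "zone<TAB>interfaces" for every zone whose target is ACCEPT.
accept_zones() {
    awk '
        /^[A-Za-z0-9_-]/ { zone = $1; target = ""; next }  # zone header line
        $1 == "target:"  { target = $2 }
        $1 == "interfaces:" && target == "ACCEPT" && NF > 1 {
            list = $2
            for (i = 3; i <= NF; i++) list = list " " $i
            print zone "\t" list
        }'
}

# Classify an interface via sysfs: bridge devices carry a "bridge" directory.
# $2 overrides the sysfs root so the check can be exercised offline.
iface_kind() {
    root=${2:-/sys/class/net}
    if [ ! -e "$root/$1" ]; then echo absent
    elif [ -d "$root/$1/bridge" ]; then echo bridge
    else echo other
    fi
}

# On a live system: firewall-cmd --list-all-zones | accept_zones
sample_zones | accept_zones | while read -r zone ifaces; do
    for i in $ifaces; do echo "$zone: $i ($(iface_kind "$i"))"; done
done
```

A zone with target ACCEPT admits everything arriving on its interfaces, so the point of the audit is to confirm that only the expected bridge is bound to it.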
participants (2)
- Freek de Kruijf
- Manfred Hollstein