Mailinglist Archive: opensuse-factory (437 mails)

< Previous Next >
Re: [opensuse-factory] Switching SuSEFirewall for iptables
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/28/2015 04:59 AM, Marcus Meissner wrote:
On Tue, Apr 28, 2015 at 10:43:07AM +0200, Per Jessen wrote:
Uzair Shamim wrote:

I am trying to setup a machine with some docker containers but
the default suse firewall is interfering. Normally I would
just add the required rules to iptables for NAT and forwarding
but it seems suse firewall does not recognize the interface
connected to docker so I cannot add rules to allow traffic
to/from it. Is there a way to disable the SuSEFirewall and
just use plain old iptables?

Yep, that's exactly what you do - disable (or even uninstall) the
openSUSE firewall, then add your own iptables script.

What interface is detected? SuSEfirewall would probably put it in
the external zone by default.

Ciao, Marcus


@Per Jessen
So its fine if I just disable the SuSEFirewall and then build iptables
as desired? Obviously I will have to add all the rules I need but this
wont cause any known issues? Sounds like a plan.

@Marcus Meissner
SuSEFirewall does not detect the docker interface. It is fine with non
docker virtual interfaces (like those created by libvirt) but it seems
it does not know how to handle the interface docker creates. So since
it relies on Masquerade/port forward on a interface basis (rather than
say with iptables alone where you can just specify the IPs) its unable
to even be configured for this.

See: http://paste.opensuse.org/view/raw/59129206 and
http://paste.opensuse.org/view/raw/17876326

- --
Regards,
Uzair Shamim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVP5p8AAoJEM66EOTZRH6+vUgP+wQ4dLodva/9nOf8ZWS1q/Ej
6X6fwm4ryZi3KdacUPM51j/m0gzv1oA/3JeUYWfbZ3Akj/5rZLrjn0jHNT8MKK9h
gSaBYa5pMNMfknown4+uAt2JQMtSsXpPIzBxoKnqWvSQ7fsxBgZWKsteInf696ik
vt84mRiC2YXqPSAZ6bWkE7hGVFwQpB5SquEqBKmXgpiSRewOuKmFhLR+Nx33uSiu
uCVTLdkaZafnOB4TExKiyEVJ8VYoqhujf9daL/OsGzcZPQ3Kj1uNVsHW9jFxc5RP
5W6QjfW0xK0szO4WBKphghvGrpQiO7pq0oBtFAop0zzJuiWmH9OTHieS6VSlpLno
rGQIHhJ8lhT1HRmpGFHrg8SsW8gBIwrSDl9N7mcZwiHWFnoqfII9gbQZZooF83/G
DowcO2B005VxDkdr7HXX/KqzzmrDCGqp6I7hqWwHmkCtqDMxWb+HUbVRrPKED+AY
XMQ5aJme9oZDe/K303g26JRq9Hgu9YvxK9SmdHm+kpJ8Gmf/iNsyhuw+93NMbjI8
Oek3lEk3pcr1orYnF/xuuccr+E0P6iLsHBip+DMSbIblRWJC9NRhDyzyGz1hmQJH
TLUql5VryeK1Jd6Ckv1SOsO3/HWLTnDUuEauitVQzZGK3YfGe7rQfHrJfW+4BrYO
ISYDQj1FJhunJwfUdcqz
=XZnk
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >