From: Johannes G. <joh...@we...> - 2013-08-29 20:44:08
Hello,

I have started playing around with docker (https://www.docker.io/) and am having trouble integrating the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing.

IP forwarding is on and I have defined a "doc" ipv4 zone and "interfaces" has an entry like so,

> doc docker0 tcpflags,nosmurfs,logmartians,bridge,routeback,optional

and "policy" like so

> doc net ACCEPT

However, when firing up a container and trying to access the web, "shorewall logwatch" is giving me entries like

> doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 DST=192.168.100.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=19346 DF PROTO=UDP SPT=52963 DPT=53 LEN=48

Can anyone hint at what else I need?

Docker generates on the fly an interface like so:

    vethuZdLHZ Link encap:Ethernet HWaddr fe:65:f2:16:ef:60
               UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
               RX packets:15 errors:0 dropped:0 overruns:0 frame:0
               TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:1166 (1.1 KiB) TX bytes:42 (42.0 B)

Do I have to list this explicitly and can wildcarding be used in interface definition?

Thanks for any pointers.

Sincerely,
Joh