[Shorewall-users] Docker Bridge - Howto deal with it?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

I have started playing around with docker (https://www.docker.io/) and am 
having trouble to integrate the "docker0" bridge it creates on the fly into 
my shorewall setup (version 4.5.16.1) on debian testing.

IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces 
has an entry like so,
> doc     docker0    tcpflags,nosmurfs,logmartians,bridge,routeback,optional

and "policy" like so
>doc     net     ACCEPT

However, when firing up an container and trying to acces the web, "shorewall 
logwatch" is giving me entries like
>doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 
DST=192.168.100.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=19346 DF PROTO=UDP 
SPT=52963 DPT=53 LEN=48

Can anyone hint at what else I need?

Docker generates on the fly a interface like so:
vethuZdLHZ Link encap:Ethernet  HWaddr fe:65:f2:16:ef:60  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1166 (1.1 KiB)  TX bytes:42 (42.0 B)

Do I have to list this explicitly and can wildcarding be used in interface 
definition?

Thanks for any pointers.

Sincerely, Joh