I'm playing around with Docker in iptables=false mode. This means, I have to set up a few rules mainly to give some Docker containers access to the shared database on the host.
Docker creates randomly named bridge interfaces such as "br-xxxxxxxxxxxx" when spinning up an image. It may be possible to force a certain naming, but it would be more flexible if I could define networks in Vuurmuur which are not bound to a specific interface. Is this possible?
Cheers!
Hi Sven, it's not possible. Maybe you can use vuurmuur_script to update the interface settings on the fly, but I'm not sure how that would work with docker.
Thanks for your reply... no surprise, I was expecting this answer. :-) However, I figured out how to have a predictable bridge name set in docker-compose.yml, this way, the rules can remain static. In case someone ends up on the same spot, here's what has to be added in order to define the bridge name and subnet for the default network in docker-compose.yml:
With this in place, it's easy to add a network for 172.16.123.0/255.255.255.0 on interface br-whatever in Vuurmuur. The bridge connects 172.16.123.1 on the host with 172.16.123.2 in the container.
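A docker-compose.yml network definition of the kind the post above describes, added here as an illustration; it is not the poster's original snippet, which is not preserved on this page. The interface name `br-whatever` and the 172.16.123.0/24 subnet come from the post, while the service name `app`, its image and the pinned container address are assumptions.

```yaml
# Added example, not the original poster's file.
services:
  app:                               # hypothetical service name
    image: example/app:latest        # placeholder image
    networks:
      default:
        # Assumption: pin the container address so that static firewall
        # rules can match it. Without this, Docker hands out the next
        # free address in the subnet.
        ipv4_address: 172.16.123.2

networks:
  default:
    driver: bridge
    driver_opts:
      # Fixed host-side interface name instead of a random br-xxxxxxxxxxxx.
      # Linux interface names are limited to 15 characters.
      com.docker.network.bridge.name: br-whatever
    ipam:
      config:
        # By default the bridge on the host takes the first address
        # of the subnet, 172.16.123.1.
        - subnet: 172.16.123.0/24
```

Once the project is up, `ip addr show br-whatever` on the host should list 172.16.123.1/24, which is the interface and network to define in Vuurmuur.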
Ah that is a nice solution. Thanks for sharing it here!