To allow Apple devices in the main VLAN to use AirPlay on TV and speakers in the IoT VLAN.

One reason the accepted solution works for some people but not for others lies in a design decision of firewalld. Firewalld processes only the first matching zone for any connection, and it evaluates zones bound to source IP addresses before zones bound to interfaces. So as long as any of your zones happens to include the IP addresses docker is using, a connection from a container is claimed by that zone first, and the ACCEPT rule you put in the trusted zone is never reached. To verify this, look at the generated iptables rules (this works when firewalld is using the iptables backend):

```
iptables -vnL | less
```

With the nftables backend (the default since firewalld 0.6), firewalld's rules are not visible through iptables; inspect them with `nft list ruleset` instead.

The solution is to use a firewalld direct rule instead of the trusted zone. Direct rules land in the INPUT_direct chain, which firewalld evaluates before any of its zone chains, so the zone ordering above cannot swallow them. For example, for port 3306 (i.e., mysqld on the local host), you need this rule:

```
/bin/firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 10 -p tcp --dport 3306 -i docker0 -j ACCEPT
```

If you repeat the same command without the --permanent switch, firewalld makes the change on the fly, and you should not need to restart docker. Note that firewalld 1.0 deprecated the direct interface in favour of policies; direct rules still work, but plan to migrate.

A second reason is that, depending on the version of docker and the networking you configured, traffic may not actually flow across the docker0 interface but through a separate bridge interface (user-defined docker networks each get their own bridge). You can see that interface with `ip address show`. You will have to repeat the direct-rule statement above with this bridge interface.

You can also give docker a network of your own, with a fixed bridge name, so the direct rule has a stable interface to refer to. The short version is that you specify the networks section in the Compose file (version: '3') and set the bridge driver option com.docker.network.bridge.name to the name you want, e.g. mynetwork_name. You can also do this on the command line.
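The procedure above (find the bridge interface a docker network really uses, then add the direct rule both permanently and at runtime) as a script. This is an added example, not code from the original page: it assumes root, the iptables backend, and the `docker`, `ip` and `firewall-cmd` CLIs; the network name, port and the pinned bridge name are parameters. The bridge-name logic relies on docker's bridge driver naming a user-defined network's interface `br-` plus the first 12 characters of the network ID unless the com.docker.network.bridge.name option pinned a name, and on the default network `bridge` being docker0.

```bash
#!/usr/bin/env sh
# Added example: allow a host port from the bridge interface behind a
# docker network using a firewalld direct rule. Not from the original page.
set -eu

# Pure helper (runs no commands): derive the bridge interface name for a
# docker network from its name, its ID and an optional pinned name
# (the com.docker.network.bridge.name driver option, if set).
bridge_iface_name() {
  net="$1"; net_id="$2"; pinned="${3:-}"
  if [ -n "$pinned" ]; then
    printf '%s\n' "$pinned"
  elif [ "$net" = "bridge" ]; then
    printf 'docker0\n'
  else
    printf 'br-%s\n' "$(printf '%s' "$net_id" | cut -c1-12)"
  fi
}

# Pure helper: the arguments that follow --add-rule. Priority 10 keeps the
# rule ahead of other direct rules; direct rules are evaluated before any
# zone chain, so zone dispatch order cannot hide this ACCEPT.
direct_rule_args() {
  iface="$1"; port="$2"; proto="${3:-tcp}"; prio="${4:-10}"
  printf '%s\n' "ipv4 filter INPUT ${prio} -p ${proto} --dport ${port} -i ${iface} -j ACCEPT"
}

# Look the interface up for a live network via docker's inspect templates.
bridge_for_network() {
  net="$1"
  id=$(docker network inspect -f '{{.Id}}' "$net")
  pinned=$(docker network inspect -f '{{index .Options "com.docker.network.bridge.name"}}' "$net")
  bridge_iface_name "$net" "$id" "$pinned"
}

allow_port_from_docker_net() {
  net="$1"; port="$2"; proto="${3:-tcp}"
  iface=$(bridge_for_network "$net")
  # Fail loudly if the interface does not exist: a rule on a wrong
  # interface name is accepted by firewalld but matches nothing.
  ip link show "$iface" >/dev/null
  args=$(direct_rule_args "$iface" "$port" "$proto")
  # shellcheck disable=SC2086   # word splitting of $args is intended
  firewall-cmd --permanent --direct --add-rule $args
  firewall-cmd --direct --add-rule $args   # runtime copy: no reload, no docker restart
  # Show what is now in place for this interface.
  firewall-cmd --direct --get-all-rules | grep -- "-i ${iface} " || true
}

# Usage: ./allow-from-docker.sh --apply <docker-network> <port> [tcp|udp]
if [ "${1:-}" = "--apply" ]; then
  allow_port_from_docker_net "$2" "$3" "${4:-tcp}"
fi
```

Run it once per docker network whose containers need the host port; for the Compose network described above, pass the pinned bridge name's network so the rule refers to that fixed interface rather than a generated br- name that changes when the network is recreated.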