RPi-Distro / pi-gen

Tool used to create the official Raspberry Pi OS images
BSD 3-Clause "New" or "Revised" License

What step adds docker-related iptables rules #676

Open maxpavlov opened 1 year ago

maxpavlov commented 1 year ago

I am building from arm64 branch with a custom stage. Standard stages I use are only stage1 and stage2.

A newly installed OS has several entries for docker in its iptables ipv4 rule file, like this:

-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT

This seems redundant if I am never planning to use docker on the Pi. How can I remove these redundant rules from being added? Thank you.

P.S. Maybe something in my custom stage is adding these, some package I am installing, so feel free to simply tell me it's on my side, and standard stages don't result in these being added. Thanks.

XECDesign commented 1 year ago

It's not something we're doing explicitly and I can't find it in our images. I think something you're installing is adding those rules.
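
Added example, not part of the thread and not pi-gen code: a small audit that lists Docker-related chain declarations and rules in a saved IPv4 rule file, so a freshly built image can be checked after each custom-stage change to narrow down which package introduces them. It assumes the file is in `iptables-save` format and that Docker bridges are named `docker<N>`; the function name and the sample (the six rules quoted above plus constructed chain lines and an SSH rule) are illustrative.

```python
import re
import shlex
import sys

# Constructed sample in iptables-save format: the six rules quoted in the issue,
# plus chain declarations and one unrelated SSH rule added for contrast.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT
"""

DOCKER_CHAIN = re.compile(r"DOCKER(-.*)?$")   # DOCKER, DOCKER-USER, ...
DOCKER_IFACE = re.compile(r"docker\d+$")      # assumption: default bridge naming

def find_docker_entries(text):
    """Return (line_number, kind, line) for every Docker-related entry."""
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(":"):
            parts = line[1:].split()          # ":DOCKER-USER - [0:0]" -> chain name first
            if parts and DOCKER_CHAIN.match(parts[0]):
                hits.append((number, "chain", line))
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            # Pair each flag with its value: -A/-j/-g name chains, -i/-o name interfaces.
            for flag, value in zip(tokens, tokens[1:]):
                if (flag in ("-A", "-j", "-g") and DOCKER_CHAIN.match(value)) or \
                   (flag in ("-i", "-o") and DOCKER_IFACE.match(value)):
                    hits.append((number, "rule", line))
                    break
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    for number, kind, line in find_docker_entries(text):
        print(f"{number}: {kind}: {line}")
```

Run with the rule file's path as the only argument; with no argument it scans the constructed sample.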