search

docker / docs

Source repo for Docker's Documentation
https://docs.docker.com
Apache License 2.0
4.13k stars 7.15k forks source link

It should note that bridge interface may need to be added to a firewall zone with firewalld #11691

Open yryo617 opened 3 years ago

yryo617 commented 3 years ago

File: network/network-tutorial-standalone.md

This article should include warning that in some environments (e.g. firewalld on clean-install CentOS 8) user-defined bridge interface (which may be done via docker-compose) must be added to a zone using firewall-cmd. Without a zone defined, firewalld will prohibit any communication between containers using that bridge.

devZer0 commented 3 years ago

yes please!!! pulling my hair out for >1 hour now because of this !!!

devZer0 commented 3 years ago

oh, btw - adding that interfaces manually via firewall-cmd is a workaround - not a solution.

the solution is, to integrate docker with firewalld on centos8.

i'm curious how centos8 is mentioned for usage when integration apparently is incomplete.

https://docs.docker.com/engine/install/centos/#prerequisites "To install Docker Engine, you need a maintained version of CentOS 7 or 8"

there should at least exist a hint with some warning that br-${docker_network_id} don't get added to appropriate firewalld zone and thus, outgoing conections from inside docker containers won't work

docker-robott commented 1 year ago

There hasn't been any activity on this issue for a long time. If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment. If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

devZer0 commented 1 year ago

/remove-lifecycle stale

rodrigogonegit commented 3 weeks ago

This is happening to me after upgrading to docker Docker version 27.1.2, build d01f264 and firewalld 1.3.3. Debian 12.

How to reproduce: