Open yryo617 opened 3 years ago
yes please!!! pulling my hair out for >1 hour now because of this !!!
oh, btw - adding that interface manually via firewall-cmd is a workaround - not a solution.
the solution is to integrate docker with firewalld on centos8.
i'm curious how centos8 is mentioned for usage when integration apparently is incomplete.
https://docs.docker.com/engine/install/centos/#prerequisites "To install Docker Engine, you need a maintained version of CentOS 7 or 8"
there should at least exist a hint with some warning that br-${docker_network_id} doesn't get added to the appropriate firewalld zone and thus, outgoing connections from inside docker containers won't work
There hasn't been any activity on this issue for a long time.
If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment.
If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.
Prevent issues from auto-closing with a /lifecycle frozen comment.
/lifecycle stale
/remove-lifecycle stale
This is happening to me after upgrading to docker Docker version 27.1.2, build d01f264 and firewalld 1.3.3. Debian 12.
How to reproduce:
docker network create --driver bridge mytestnet
docker run --net mytestnet --name terminal_a -it busybox sh
docker run --net mytestnet --name terminal_b -it busybox sh
sudo systemctl start firewalld.service
ip -br a
to save which interface points to the network you created above, in my case it is br-281213661d1e
sudo firewall-cmd --zone=docker --change-interface=br-281213661d1e
to add said interface to the docker zone
File: network/network-tutorial-standalone.md
This article should include a warning that in some environments (e.g. firewalld on clean-install CentOS 8) a user-defined bridge interface (which may be done via docker-compose) must be added to a zone using firewall-cmd. Without a zone defined, firewalld will prohibit any communication between containers using that bridge.
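
A check for the condition this issue describes, as an added example that is not part of the thread or of Docker's documentation: it lists bridge interfaces named `br-<12 hex digits>` that no active firewalld zone contains and prints the `firewall-cmd` call quoted above for each. The function names, the sample data and the second bridge name are constructed for illustration, and the `br-<12 hex digits>` naming of user-defined bridges is an assumption.

```shell
#!/bin/sh
# Added example: find Docker user-defined bridge interfaces that are missing
# from every active firewalld zone. Nothing on the host is modified.

# Constructed sample inputs, shaped like the output of `ip -br a` and
# `firewall-cmd --get-active-zones`. br-0123456789ab is an invented name.
SAMPLE_IP='lo               UNKNOWN  127.0.0.1/8
eth0             UP       192.0.2.10/24
docker0          DOWN     172.17.0.1/16
br-281213661d1e  UP       172.18.0.1/16
br-0123456789ab  UP       172.19.0.1/16
veth3f2a1c9@if7  UP'
SAMPLE_ZONES='docker
  interfaces: docker0 br-0123456789ab
public
  interfaces: eth0'

# unzoned_bridges IP_TEXT ZONES_TEXT
# Prints each br-<12 hex digits> interface (assumed naming of user-defined
# bridges) that appears in no "interfaces:" line of ZONES_TEXT.
unzoned_bridges() (
    zoned=$(printf '%s\n' "$2" |
        awk '$1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i }')
    printf '%s\n' "$1" | awk '{ print $1 }' | grep -xE 'br-[0-9a-f]{12}' |
    while read -r iface; do
        printf '%s\n' "$zoned" | grep -qxF -- "$iface" || printf '%s\n' "$iface"
    done
)

# report IP_TEXT ZONES_TEXT
# Prints, for review, the command from this thread for each unzoned bridge.
report() {
    unzoned_bridges "$1" "$2" | while read -r iface; do
        printf 'sudo firewall-cmd --zone=docker --change-interface=%s\n' "$iface"
    done
}

# Use live data when firewalld is installed and running (may need root),
# otherwise fall back to the constructed sample above.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    report "$(ip -br a)" "$(firewall-cmd --get-active-zones)"
else
    report "$SAMPLE_IP" "$SAMPLE_ZONES"
fi
```

The printed command, as written in the thread, changes only firewalld's runtime configuration; firewalld's `--permanent` option is needed for a zone assignment to survive a reload.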