We have a bunch of services running on Docker bridged networks via docker-compose. The current script doesn't setup all the iptables rules exactly like the Docker daemon, which would cause everything to break everytime 'csf' got restarted. This PR contains the fixes that worked for me!
I used iptables-save to dump the rules that get setup by starting CSF then the Docker daemon without this script. Then I added the script, restarted CSF and iptables-save to dump the rules generated by this script, and compared them via diff - the only difference with my PR is the order that containers or networks are added, which is really just a difference in the order when looping - in everyway that matters the result is the same in our testing!
ghost
commented
7 years ago
We have a bunch of services running on Docker bridged networks via docker-compose. The current script doesn't setup all the iptables rules exactly like the Docker daemon, which would cause everything to break everytime 'csf' got restarted. This PR contains the fixes that worked for me!
I used
iptables-saveto dump the rules that get setup by starting CSF then the Docker daemon without this script. Then I added the script, restarted CSF andiptables-saveto dump the rules generated by this script, and compared them viadiff- the only difference with my PR is the order that containers or networks are added, which is really just a difference in the order when looping - in everyway that matters the result is the same in our testing!