Shorewall 5.0.6 Beta 1 is now available for testing. New Features:
1) The GATEWAY column in /etc/shorewall[6]/providers may now contain
the keyword 'none'. This will create a routing table with no
default route, to allow handling policy-routing senarios where a
default route is not required.
2) Previously, when both Shorewall and Docker were used on the same
system, one of two approaches had to be followed:
a) Run docker with --iptables=false and use Shorewall to
configure Netfilter.
b) Run docker with ---iptables=true and use extension scripts to
save/restore the Docker-generated rules.
The first is complex and the second is difficult to do in a way
that insures that changes to the Shorewall configuration aren't
lost during restart/reload.
In this release, a new DOCKER option is available in
shorewall.conf. When DOCKER=Yes, the generated script takes
responsibility for saving ad restoring the Docker-generated rules.
The Shorewall implementation assumes that the default 'docker0'
bridge is being used.
It is recommended that docker0 be assigned to a zone in
/etc/shorewall/interfaces. When you do that, the setting
of 'routeback' for that interface determines whether
inter-container communication is allowed. If docker0 is not listed
in the interfaces file, then the Shorewall-generated rules assume
the --icc=true opton to the Docker daemon (inter-container
communication allowed).
Note that DOCKER=Yes is currently supported only in Shorewall and
not in Shorewall6.
This feature has not been tested on a Docker installation; it is
modeled after the extension scripts found at
https://blog.discourse.org/2015/11/shorewalldocker-two-great-tastes-that-taste-great-together/#
Thank you for testing.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
