Re: [Shorewall-users] Custom Docker Interface Names

Sat, 23 Jun 2018 02:37:28 -0700 

Thanks! I am happy to test!


Jun. 21, 2018, 9:42 p.m. by teas...@shorewall.net:

> On 06/21/2018 01:31 PM, Connor Schlesiger wrote:
>
>> Greetings,
>>
>> I am using Docker with Shorewall and the two work quite well together.
>> However, with `docker-compose` I have run into scenarios where I must
>> create a new bridge.
>>
>> With docker-compose, it is possible to name the new bridge. For example:
>>
>> ```
>> # docker-compose.yml
>>
>> networks:
>>   router:
>>     driver: bridge
>>     driver_opts:
>>       com.docker.network.bridge.name: docker1
>> ```
>>
>> I then add `docker1` to the Shorewall `interfaces` config:
>>
>> ```
>> #ZONE           INTERFACE               OPTIONS
>> # ...
>> dock            docker0                 optional,bridge,routeback
>> dock            docker1                 optional,bridge,routeback
>> ```
>>
>> However, Shorewall will only restore `docker0` on restart, while
>> `docker1` iptables will be lost.
>>
>> I'd like to suggest a change to the `shorewall.conf`. It would be nice
>> if instead of only `DOCKER=No` and `DOCKER=Yes`, we had the ability to
>> also supply the docker interfaces. For example, `DOCKER=docker0`, or
>> `DOCKER=docker0,docker1`, or perhaps a second parameter such as
>> `DOCKER_INTERFACES=docker0,docker1` combined with `DOCKER=Yes`. Then on
>> Shorewall restart, the script responsible to restoring the Docker
>> iptables could repeat over each interface supplied.
>>
>> Unless of course I have missed something and there is another solution.
>>
>
> I'll put something in 5.2.1-Beta2 if you are willing to test it :-)
>
> Regards,
> -Tom
>
> -- 
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org <http://shorewall.org>>  \   understand
>  \_______________________________________________
>


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to