moby icon indicating copy to clipboard operation
moby copied to clipboard
verified publisher icon moby

Reinitialize Firewall Configuration

Open akama-aka opened this issue 1 year ago • 1 comments

Description

Hello, this is the third time that I have had problems with the Docker rules after making changes to my firewall, even though I have not interacted with it at all.

I generally wonder how it can be that such a tool can be so sensitive to firewall changes and also offers no function at all to reload the firewall settings. I would think it would be a good idea to be able to easily (without Docker having to be started) reload the firewall rules that Docker needs because otherwise it just sucks to have an hour-long outage just because of a firewall change that wasn't even related to Docker but still causes problems.

akama-aka avatar Oct 12 '24 22:10 akama-aka

HI @akama-aka - this might be something we could add, when running with firewalld there's already a reload function - a firewalld reload flushes the rules.

But it'd be good to understand a little more about the use case ... could you outline the changes that broke things for you, how they were applied, and how docker or other applications were affected? My concern is that just re-creating docker's rules might not help.

I guess this was with docker-ce on Linux, not in rootless mode? Are you using firewalld/ufw, iptables or nft commands?

robmry avatar Oct 17 '24 09:10 robmry

HI @akama-aka - this might be something we could add, when running with firewalld there's already a reload function - a firewalld reload flushes the rules.

But it'd be good to understand a little more about the use case ... could you outline the changes that broke things for you, how they were applied, and how docker or other applications were affected? My concern is that just re-creating docker's rules might not help.

I guess this was with docker-ce on Linux, not in rootless mode? Are you using firewalld/ufw, iptables or nft commands?

Hello thank you for your reply. Yes I don't use it in rootless mode. I'm not really speaking about a reload feature I write more of a reset feature. Like that all existing Docker Networks and Bindings were flushed and re-set for all containers.

I just wanted to add a new Ingress rule to a service that apparently didn't exist. After I manually fixed the error in the FirewallD settings and reloaded, I then encountered the problem with docker that the firewall rules cannot be set.The reason for this was that the rule names or something like that already exist and/or collide.

akama-aka avatar Oct 23 '24 04:10 akama-aka