fix dockerd sets iptables FORWARD policy to DROP #267
Thank you for this PR @mnbf9rca as it gave me the chance to read about the
Hi, for reference, this is how I fixed it using the DOCKER USER chain instead of tweaking the FORWARD DROP rule - https://gist.github.com/gbevan/8a0a786cfc2728cd2998f868b0ff5b72. There is a link in there to the original article that I found and followed.
It appears Docker will only set the default FORWARD policy to DROP if before launching, Editing
It also may be instructive to read why the policy was changed by Docker in the first place: moby/moby#14041 and see if it applies here. If it does, it may not be a good idea for microk8s to advise users to set the policy in the first place and instead add additional iptables rules analogous to what was added for the docker0 interface for the cbr0 interface to get Kubernetes pod networking to work. EDIT: I had luck getting networking to work with the following iptables/systemd unit:
I like this. It sets iptables rules on only the interface we create (
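A check for the trade-off discussed in the comments above, added here as an example; it is not taken from this PR, the linked gist, or any commenter's unit. It classifies an `iptables -S FORWARD` dump for one bridge, so a blanket `ACCEPT` policy can be told apart from a `DROP` policy with interface-scoped rules. The function name `forward_state` and the sample dumps are constructed for illustration, and the check does not follow jumps into other chains or evaluate rule order.

```shell
#!/bin/sh
# Classify a FORWARD chain dump (`iptables -S FORWARD` format) for one bridge.
# Prints one of:
#   policy-accept  default policy is ACCEPT: unmatched traffic is forwarded
#   scoped         policy is DROP, with ACCEPT rules into and out of the bridge
#   blocked        policy is DROP and the bridge lacks an ACCEPT rule in a direction
# Simplification (assumption): jumps to other chains and rule order are ignored.
forward_state() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            target = ""; in_if = ""; out_if = ""
            for (i = 3; i <= NF; i++) {
                # Skip a negated match such as "! -o cbr0" (flag plus value).
                if ($i == "!") { i += 2; continue }
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && in_if == br) from_br = 1
            if (target == "ACCEPT" && out_if == br) to_br = 1
        }
        END {
            if (policy == "ACCEPT") print "policy-accept"
            else if (from_br && to_br) print "scoped"
            else print "blocked"
        }'
}

# Constructed sample: DROP policy, rules exist for docker0 only.
SAMPLE_DOCKER_ONLY='-P FORWARD DROP
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

# Constructed sample: same policy, plus analogous rules scoped to cbr0.
SAMPLE_SCOPED="$SAMPLE_DOCKER_ONLY
-A FORWARD -o cbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i cbr0 ! -o cbr0 -j ACCEPT"

# Constructed sample: policy flipped to ACCEPT, no scoped rules at all.
SAMPLE_POLICY_ACCEPT='-P FORWARD ACCEPT'

for s in "$SAMPLE_DOCKER_ONLY" "$SAMPLE_SCOPED" "$SAMPLE_POLICY_ACCEPT"; do
    printf 'cbr0: %s\n' "$(printf '%s\n' "$s" | forward_state cbr0)"
done
```

On a live host the same function can read `iptables -S FORWARD` from a pipe instead of the constructed samples.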
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Closing this PR due to inactivity.
fixes #266 so that policy is persistent across reboots