[Firehol-support] Docker 1.7

Rudi ooly.me at gmail.com
Mon Jun 22 17:06:33 BST 2015


Hi,

I've been using Firehol with Docker, but the new 1.7 release has changes
that break my Firehol policies.

I'm a bit stuck so I hope I can find some help here.

I'm using Firehol version 5 on Ubuntu 14.04

My problem is specific to Docker containers that link together.

Since upgrading from Docker 1.6 to 1.7 the linked containers cannot talk to
each other.

This is a syslog entry for the blocked traffic (which started at docker 1.7)

Jun 22 15:46:57 vbox kernel: [21511.434348] PASS-unknown:IN=docker0 OUT=docker0 PHYSIN=vethee039e3 PHYSOUT=vethcf08163 MAC=02:42:ac:11:00:01:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=172.17.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=34212 DF PROTO=ICMP TYPE=8 CODE=0 ID=14 SEQ=1

Using Docker 1.6 these Firehol rules were working fine:

docker_interface="docker+"
docker_virtual_subnets="veth+"
interface "${docker_interface}" docker
    policy accept
interface "${docker_virtual_subnets}" veth
    policy accept

I don't fully understand the log entry above, but I think I now need to add
router rule(s) for docker container networking.

With Docker 1.6 (and below) no router was needed; does it look like I need
one now with Docker 1.7?

Some help interpreting the log entry above would be super.

Any tips or advice much appreciated.

Thanks!
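As an added example (not code from the post or from the FireHOL project), a small Python decoder for the kernel log line quoted above; it assumes FireHOL's IN-/OUT-/PASS- log prefixes correspond to the INPUT/OUTPUT/FORWARD chains, and that PHYSIN/PHYSOUT with IN equal to OUT means the frame was bridged between two ports of the same bridge:

```python
import re

# Constructed sample: the syslog line from the post, re-joined onto one line
# (the original wrapped "SRC=172.17.0.2" across a line break).
SAMPLE = ("Jun 22 15:46:57 vbox kernel: [21511.434348] PASS-unknown:IN=docker0 "
          "OUT=docker0 PHYSIN=vethee039e3 PHYSOUT=vethcf08163 "
          "MAC=02:42:ac:11:00:01:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 "
          "DST=172.17.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=34212 DF "
          "PROTO=ICMP TYPE=8 CODE=0 ID=14 SEQ=1")

# Assumption: FireHOL's log prefix names the chain the unmatched packet hit.
CHAIN_BY_PREFIX = {"IN": "INPUT", "OUT": "OUTPUT", "PASS": "FORWARD"}


def parse_nflog(line):
    """Return (firehol_prefix, fields) for a kernel netfilter LOG line.

    Only the first occurrence of a repeated key is kept, so ID= is the IP
    header id (the later ID=14 is the ICMP echo identifier).
    """
    m = re.search(r"\]\s*([^\s:]+):IN=", line)
    prefix = m.group(1) if m else ""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        fields.setdefault(key, value)
    fields["DF"] = re.search(r"\sDF(\s|$)", line) is not None  # bare flag
    return prefix, fields


def classify(line):
    """Decode where in netfilter the packet was seen and which FireHOL
    construct (interface vs router) would have to match it."""
    prefix, f = parse_nflog(line)
    chain = CHAIN_BY_PREFIX.get(prefix.split("-")[0], "unknown")
    # PHYSIN/PHYSOUT are set by the bridge netfilter code: the frame was
    # bridged between two ports (here two veths). IN == OUT means it never
    # left the docker0 bridge, yet it still traversed the FORWARD chain.
    bridged = "PHYSIN" in f and "PHYSOUT" in f and f.get("IN") == f.get("OUT")
    flow = f"{f.get('SRC')} -> {f.get('DST')} {f.get('PROTO')}"
    if f.get("PROTO") == "ICMP":
        flow += f" type {f.get('TYPE')} code {f.get('CODE')}"
    return {
        "chain": chain,
        "bridged": bridged,
        "bridge": f.get("IN") if bridged else None,
        "ports": (f.get("PHYSIN"), f.get("PHYSOUT")),
        "flow": flow,
        # interface definitions cover INPUT/OUTPUT; FORWARD needs a router
        "firehol_construct": "router" if chain == "FORWARD" else "interface",
    }


if __name__ == "__main__":
    for k, v in classify(SAMPLE).items():
        print(f"{k:>18}: {v}")
```

For the quoted line it reports a bridged ICMP echo request between the two veths on docker0 that hit FORWARD unmatched, which is the chain FireHOL's interface definitions do not cover.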


