iptables config location - docker

aemee123 · 14. Juli 2020

Hi All

As per the subject - enabling docker brings in legacy iptables which I'm fine with as I have a load of them I need to import and save. I use iptables-persistent and save my rules in /etc/iptables/rules.v4.

I've cleared all iptables rules I had set manually using this method and installed docker/portainer using the UI.

I now have some basic rules and chains including docker. Which file are the saved in and how can I add my other iptables rules to this?

Thanks

ryecoaaron · 14. Juli 2020

Zitat von aemee123

Which file are the saved in and how can I add my other iptables rules to this?

The only thing the plugin does is switch to iptables-legacy (if you use the iptables menu but this is not done by default). Switching back and forth shouldn't change the file you create. The rules OMV creates when you use the firewall tab in network is /etc/iptables/openmediavault-firewall.sh and it is the only thing OMV touches. If you want things to work the OMV way, you should create your rules in the web interface.

aemee123 · 15. Juli 2020

Ok thanks - I'm seeing something I can't seem to explain.

There is no omv firewall rules file in etc/iptables.

I haven't created a single rule in the OMV interface and I don't have any rules created manually at the moment (I cleared them all out), but docker install from the OMV gui has created firewall rules which show when I do iptables -L. Where are these being created and stored ?

output of iptables -L:

Code

Chain INPUT (policy ACCEPT)
target     prot opt source               destination


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:8500


Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere


Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere


Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Alles anzeigen

I'm using the latest OMV 5 fully updated. Thanks

ryecoaaron · 15. Juli 2020

Zitat von aemee123

Where are these being created and stored ?

As I mentioned in my post, they are created in the /etc/iptables/openmediavault-firewall.sh script. Try creating a rule from the web interface and you will see them there. Make sure to click Save in the firewall tab though.

Jetzt mitmachen!