"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Docker.xml" between
shorewall-docs-xml-5.2.3.6.tar.bz2 and shorewall-docs-xml-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

Docker.xml  (shorewall-docs-xml-5.2.3.6.tar.bz2):Docker.xml  (shorewall-docs-xml-5.2.6.tar.bz2)
skipping to change at line 16 skipping to change at line 16
<articleinfo> <articleinfo>
<title>Docker Support</title> <title>Docker Support</title>
<authorgroup> <authorgroup>
<author> <author>
<firstname>Tom</firstname> <firstname>Tom</firstname>
<surname>Eastep</surname> <surname>Eastep</surname>
</author> </author>
<author>
<surname>J Cliff Armstrong</surname>
</author>
</authorgroup> </authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2016</year> <year>2016</year>
<year>2020</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
<legalnotice> <legalnotice>
<para>Permission is granted to copy, distribute and/or modify this <para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with 1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
skipping to change at line 60 skipping to change at line 66
<title>Shorewall 5.0.6 and Later</title> <title>Shorewall 5.0.6 and Later</title>
<para>Beginning with Shorewall 5.0.6, Shorewall has native support for <para>Beginning with Shorewall 5.0.6, Shorewall has native support for
simple Docker configurations. This support is enabled by setting simple Docker configurations. This support is enabled by setting
DOCKER=Yes in shorewall.conf. With this setting, the generated script DOCKER=Yes in shorewall.conf. With this setting, the generated script
saves the Docker-created ruleset before executing a saves the Docker-created ruleset before executing a
<command>stop</command>, <command>start</command>, <command>stop</command>, <command>start</command>,
<command>restart</command> or <command>reload</command> operation and <command>restart</command> or <command>reload</command> operation and
restores those rules along with the Shorewall-generated ruleset.</para> restores those rules along with the Shorewall-generated ruleset.</para>
<important>
<para>Shorewall currently doesn't support Docker Swarm mode.</para>
</important>
<warning>
<para>On Debian and Debian-derived systems, <command>systemctl restart
shorewall</command> will lose Docker rules. You can work around this
issue using a method provided by J Cliff Armstrong:</para>
<para>Type as root:</para>
<programlisting><command>systemctl edit shorewall.service</command></progr
amlisting>
<para>This will open the default terminal editor to a blank file in
which you can paste the following:</para>
<programlisting>[Service]
# reset ExecStop
ExecStop=
# set ExecStop to "stop" instead of "clear"
ExecStop=/sbin/shorewall $OPTIONS stop
</programlisting>
<para> Then type <command>systemctl daemon-reload </command>to activate
the changes. This change will survive future updates of the shorewall
package from apt repositories. The override file itself will be saved to
`/etc/systemd/system/shorewall.service.d/`. </para>
</warning>
<para>This support assumes that the default Docker bridge (docker0) is <para>This support assumes that the default Docker bridge (docker0) is
being used. It is recommended that this bridge be defined to Shorewall in being used. It is recommended that this bridge be defined to Shorewall in
<ulink <ulink
url="manpages/shorewall-interfaces.html">shorewall-interfaces(8)</ulink>. url="manpages/shorewall-interfaces.html">shorewall-interfaces(8)</ulink>.
As shown below, you can control inter-container communication using the As shown below, you can control inter-container communication using the
<option>bridge</option> and <option>routeback</option> options. If docker0 <option>bridge</option> and <option>routeback</option> options. If docker0
is not defined to Shorewall, then Shorewall will save and restore the is not defined to Shorewall, then Shorewall will save and restore the
FORWARD chain rules involving that interface.</para> FORWARD chain rules involving that interface.</para>
<para><filename>/etc/shorewall/shorewall.conf</filename>:</para> <para><filename>/etc/shorewall/shorewall.conf</filename>:</para>
 End of changes. 3 change blocks. 
0 lines changed or deleted 36 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)