| Docker.xml (shorewall-docs-xml-5.2.3.6.tar.bz2) | : | Docker.xml (shorewall-docs-xml-5.2.6.tar.bz2) |
|---|
| | |
| skipping to change at line 16 | | skipping to change at line 16 |
|---|
| | |
| <articleinfo> | | <articleinfo> |
| <title>Docker Support</title> | | <title>Docker Support</title> |
| | |
| <authorgroup> | | <authorgroup> |
| <author> | | <author> |
| <firstname>Tom</firstname> | | <firstname>Tom</firstname> |
| | |
| <surname>Eastep</surname> | | <surname>Eastep</surname> |
| </author> | | </author> |
|
| | |
| | <author> |
| | <surname>J Cliff Armstrong</surname> |
| | </author> |
| </authorgroup> | | </authorgroup> |
| | |
| <pubdate><?dbtimestamp format="Y/m/d"?></pubdate> | | <pubdate><?dbtimestamp format="Y/m/d"?></pubdate> |
| | |
| <copyright> | | <copyright> |
| <year>2016</year> | | <year>2016</year> |
| | |
|
| | <year>2020</year> |
| | |
| <holder>Thomas M. Eastep</holder> | | <holder>Thomas M. Eastep</holder> |
| </copyright> | | </copyright> |
| | |
| <legalnotice> | | <legalnotice> |
| <para>Permission is granted to copy, distribute and/or modify this | | <para>Permission is granted to copy, distribute and/or modify this |
| document under the terms of the GNU Free Documentation License, Version | | document under the terms of the GNU Free Documentation License, Version |
| 1.2 or any later version published by the Free Software Foundation; with | | 1.2 or any later version published by the Free Software Foundation; with |
| no Invariant Sections, with no Front-Cover, and with no Back-Cover | | no Invariant Sections, with no Front-Cover, and with no Back-Cover |
| Texts. A copy of the license is included in the section entitled | | Texts. A copy of the license is included in the section entitled |
| <quote><ulink url="GnuCopyright.htm">GNU Free Documentation | | <quote><ulink url="GnuCopyright.htm">GNU Free Documentation |
| | |
| skipping to change at line 60 | | skipping to change at line 66 |
|---|
| <title>Shorewall 5.0.6 and Later</title> | | <title>Shorewall 5.0.6 and Later</title> |
| | |
| <para>Beginning with Shorewall 5.0.6, Shorewall has native support for | | <para>Beginning with Shorewall 5.0.6, Shorewall has native support for |
| simple Docker configurations. This support is enabled by setting | | simple Docker configurations. This support is enabled by setting |
| DOCKER=Yes in shorewall.conf. With this setting, the generated script | | DOCKER=Yes in shorewall.conf. With this setting, the generated script |
| saves the Docker-created ruleset before executing a | | saves the Docker-created ruleset before executing a |
| <command>stop</command>, <command>start</command>, | | <command>stop</command>, <command>start</command>, |
| <command>restart</command> or <command>reload</command> operation and | | <command>restart</command> or <command>reload</command> operation and |
| restores those rules along with the Shorewall-generated ruleset.</para> | | restores those rules along with the Shorewall-generated ruleset.</para> |
| | |
|
| | <important> |
| | <para>Shorewall currently doesn't support Docker Swarm mode.</para> |
| | </important> |
| | |
| | <warning> |
| | <para>On Debian and Debian-derived systems, <command>systemctl restart |
| | shorewall</command> will lose Docker rules. You can work around this |
| | issue using a method provided by J Cliff Armstrong:</para> |
| | |
| | <para>Type as root:</para> |
| | |
| | <programlisting><command>systemctl edit shorewall.service</command></progr |
| | amlisting> |
| | |
| | <para>This will open the default terminal editor to a blank file in |
| | which you can paste the following:</para> |
| | |
| | <programlisting>[Service] |
| | # reset ExecStop |
| | ExecStop= |
| | # set ExecStop to "stop" instead of "clear" |
| | ExecStop=/sbin/shorewall $OPTIONS stop |
| | </programlisting> |
| | |
| | <para> Then type <command>systemctl daemon-reload </command>to activate |
| | the changes. This change will survive future updates of the shorewall |
| | package from apt repositories. The override file itself will be saved to |
| | `/etc/systemd/system/shorewall.service.d/`. </para> |
| | </warning> |
| | |
| <para>This support assumes that the default Docker bridge (docker0) is | | <para>This support assumes that the default Docker bridge (docker0) is |
| being used. It is recommended that this bridge be defined to Shorewall in | | being used. It is recommended that this bridge be defined to Shorewall in |
| <ulink | | <ulink |
| url="manpages/shorewall-interfaces.html">shorewall-interfaces(8)</ulink>. | | url="manpages/shorewall-interfaces.html">shorewall-interfaces(8)</ulink>. |
| As shown below, you can control inter-container communication using the | | As shown below, you can control inter-container communication using the |
| <option>bridge</option> and <option>routeback</option> options. If docker0 | | <option>bridge</option> and <option>routeback</option> options. If docker0 |
| is not defined to Shorewall, then Shorewall will save and restore the | | is not defined to Shorewall, then Shorewall will save and restore the |
| FORWARD chain rules involving that interface.</para> | | FORWARD chain rules involving that interface.</para> |
| | |
| <para><filename>/etc/shorewall/shorewall.conf</filename>:</para> | | <para><filename>/etc/shorewall/shorewall.conf</filename>:</para> |
| | | |
| End of changes. 3 change blocks. |
|---|
| 0 lines changed or deleted | | 36 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 