4

System: RHEL 8.4, Docker version: 20.10

RHEL 8 has moved from iptables to nftables, and Docker's built-in support uses iptables to set firewall rules on the machine.

This seems to have broken the communication from Docker containers to host services, and also to other Docker containers hosted on the same network.

I have to communicate with a registry hosted in a container on port 5000.

I am also hosting Impala services in a container and exposed the following ports: 21000, 21050, 25000, 25010, 25020

Also, when I logged in to the container it could not contact the internet.

Does anyone know what rules need to be set to allow proper communication with Docker? Also, the service hosted in the container must be able to contact all the related host services.

Things tried until now:

Made changes in /etc/docker/daemon.json:

{
"iptables" : false
}

And based on this link I tried to set up rules, but no luck.

FYI: I have no idea how to set up any type of rules in the Linux firewall (neither with iptables nor with nftables).

Keyur Barapatre
  • 237
  • 2
  • 11

1 Answer

3

From Docker 20.10, Docker provides support for firewalld, and there is no need to add any rules manually.

It resolved my issues related to iptables and ebtables.

Keyur Barapatre
  • 237
  • 2
  • 11
  • How did you get this to work? I have RHEL 8.4 and Docker 20.10.8 with backend set to iptables. I've been hitting my head against a wall for at least a week without success. I have no pod-to-pod communication. I reverted to RHEL 8.0 and it works. Is there a special flag I need to set in daemon.json (i.e. "nftables": true)? Thanks for any guidance you can provide. – Joey Cote Oct 31 '21 at 15:50
  • Hi Joey, sorry for the late reply, but the key thing here, which I observed, is that when you start the docker service, make sure firewalld is running and in an active state. Then docker will take care of all the required rules. – Keyur Barapatre May 31 '22 at 16:49
  • 1
    Hi Keyur. I ended up just dropping all my iptables firewall rules and letting Docker manage them all for me. Whatever rules I was setting manually were conflicting with the rules Docker was trying to set. I also set '"iptables":true' in the Docker daemon.json. Thanks for your help. – Joey Cote Jul 21 '22 at 13:58
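The answer and the comments above boil down to three conditions: daemon.json must not disable Docker's own rule management (the "iptables": false setting tried in the question does exactly that), firewalld must be running before docker starts so that Docker 20.10 can register its bridge in the firewalld zone it creates, and no hand-written rules should compete with Docker's. The script below is an added example, not code from the question, the answer or the Docker project: a read-only health check that verifies those conditions on a RHEL 8 host. It assumes the RHEL defaults (daemon config at /etc/docker/daemon.json, bridge interface docker0, firewalld managed by systemd) and that Docker 20.10+ places docker0 in a firewalld zone named "docker"; the paths, interface and zone name can be overridden through the variables at the top.

```shell
#!/bin/sh
# Added example: read-only checks for the Docker 20.10 + firewalld setup
# discussed in the thread. Assumptions: RHEL 8 defaults for the daemon
# config path and bridge interface, and Docker's firewalld zone is named
# "docker". Override with environment variables if your host differs.

DAEMON_JSON="${DAEMON_JSON:-/etc/docker/daemon.json}"
DOCKER_IF="${DOCKER_IF:-docker0}"

# Returns 0 when daemon.json explicitly disables Docker's firewall rule
# management ("iptables": false), the setting tried in the question.
# Tolerates the spacing Docker accepts, e.g.  "iptables" : false
daemon_json_iptables_disabled() {
    [ -r "$1" ] && grep -Eq '"iptables"[[:space:]]*:[[:space:]]*false' "$1"
}

# Returns 0 when docker became active strictly after firewalld did.
# Arguments: ActiveEnterTimestampMonotonic of firewalld and of docker
# (microseconds; 0 or empty means the unit never became active).
docker_started_after_firewalld() {
    fw=$1; dk=$2
    [ "$fw" -gt 0 ] 2>/dev/null && [ "$dk" -gt "$fw" ] 2>/dev/null
}

# Monotonic activation time of a systemd unit, or 0 if it cannot be read.
unit_active_ts() {
    systemctl show -p ActiveEnterTimestampMonotonic --value "$1" 2>/dev/null || echo 0
}

report() { printf '%-4s %s\n' "$1" "$2"; }

run_live_checks() {
    rc=0

    if daemon_json_iptables_disabled "$DAEMON_JSON"; then
        report FAIL "\"iptables\": false is set in $DAEMON_JSON; Docker will not create its NAT/forward rules, so drop that key (or set it to true)"
        rc=1
    else
        report OK "Docker is allowed to manage its own rules ($DAEMON_JSON)"
    fi

    if [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
        report OK "firewalld is running"
    else
        report FAIL "firewalld is not running; start it before docker"
        rc=1
    fi

    zone=$(firewall-cmd --get-zone-of-interface "$DOCKER_IF" 2>/dev/null)
    if [ "$zone" = "docker" ]; then
        report OK "$DOCKER_IF is in the docker zone"
    else
        report FAIL "$DOCKER_IF is in zone '${zone:-none}', expected 'docker'; restart docker while firewalld is active"
        rc=1
    fi

    if docker_started_after_firewalld "$(unit_active_ts firewalld)" "$(unit_active_ts docker)"; then
        report OK "docker became active after firewalld"
    else
        report FAIL "docker did not start after firewalld; run 'systemctl restart docker' with firewalld active"
        rc=1
    fi
    return $rc
}

# Run the live checks only where firewalld's CLI exists, so the pure
# helper functions above can be sourced and tested on any host.
if command -v firewall-cmd >/dev/null 2>&1; then
    run_live_checks
fi
```

Run it as root on the Docker host; a non-zero exit status means at least one condition failed, and each FAIL line names the fix (remove the "iptables": false key, start firewalld, then restart docker). It deliberately changes nothing: once the conditions hold, Docker writes the masquerade and forwarding rules for published ports such as 5000 and the Impala ports itself, which is why the thread's resolution was to stop adding rules by hand.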