CentOS 7 - Docker and FirewallD

email
docker

#1

Hi,

I am having an issue with Docker when I run FirewallD on my CentOS 7 servers. What I have noticed is that when it runs I lose connectivity to the internet, as well as to the Postfix service I have on the host OS (I use this to send emails).

So with my setup I have Nginx running on the host, as I am planning on running other sites off the server; that works fine based on the docs I have read.

I am more of an iptables guy as I have used it for years, but I have read over what FirewallD can do and it is something I want to use on my server.

If anyone can help me with this that would be great :smile:

Thanks,

Rei


(AstonJ) #2

FirewallD is awesome :slight_smile:

Run firewall-cmd --get-services to get a list of services, then simply add the ones you want, such as:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-service=smtp

List your services with firewall-cmd --permanent --list-services

Then restart with systemctl restart firewalld and check that everything is working on your server; then systemctl enable firewalld to enable and start the firewall on reboot.

Then restart Docker with systemctl restart docker, and if you ever restart the firewall, you need to restart Docker.

It’s so easy I love it! :slight_smile:


#3

Thanks, I will try this when I get home and let you know how I get on.


#4

I have made the changes and it has helped a bit; what I am getting now is a "no route to host" from Docker when I try to get it to talk to my SMTP server on my host.

I have added this in, but it did not help:

firewall-cmd --permanent --zone=trusted --add-interface=docker0

Any ideas?


#5

Hi,

OK, I got it going; I needed to add this in as well:

firewall-cmd --permanent --zone=trusted --add-port=25/tcp

Now when you do this you will start getting other issues, with Docker not being able to resolve DNS etc., so you will need to add those rules in as well.

Regards,

Rei


(AstonJ) #6

Why didn't just opening the SMTP port work? (You need to restart Docker after starting FirewallD.)

I did not need to do any of those steps in your posts.


#7

I think it is the fact that I had the SMTP server on the host OS and not somewhere else. I did some reading about the no-route-to-host issues I was getting from Docker and FirewallD, and the steps I posted to get it working were what I read.

Granted, as I said, the knock-on effect of doing what I did was that I needed to add all of the required ports to the trusted zone.

It seemed to be the only way I could get what I wanted working.

Cheers,

Rei
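
As an added example that is not part of the thread, here is the whole procedure from post #2 (allow the host's own services, reload, restart Docker) and posts #5/#7 (let containers reach the host's SMTP and DNS) in one script. The zone name docker, the bridge name docker0, the gateway address 172.17.0.1 and the service/port lists are assumptions, and the container check assumes Postfix is listening on the docker0 address (inet_interfaces on CentOS defaults to localhost only). Two points the thread leaves implicit: "No route to host" is what a container sees when firewalld's closing REJECT rule (icmp-host-prohibited) answers its SYN to the host, and the trusted zone already accepts everything, so an --add-port on it changes nothing. The script therefore puts docker0 into a dedicated zone that opens only the host ports containers need, which is the tighter alternative to the trusted zone. Docker must be restarted after every firewalld reload because the reload flushes the DOCKER chains Docker inserted into iptables.

```shell
#!/bin/sh
# Added example (not from the thread): firewalld + Docker on CentOS 7.
# Run with DRY_RUN=1 to print the firewall-cmd calls instead of executing them.
#   DRY_RUN=1 ./docker-firewalld.sh apply     # preview
#   sudo ./docker-firewalld.sh apply          # apply, reload, restart docker, verify
set -eu

PUBLIC_ZONE="${PUBLIC_ZONE:-public}"
DOCKER_ZONE="${DOCKER_ZONE:-docker}"          # assumed custom zone name
DOCKER_IF="${DOCKER_IF:-docker0}"             # assumed bridge name
HOST_GW="${HOST_GW:-172.17.0.1}"              # assumed docker0 address of the host
HOST_SERVICES="http https smtp"               # what the host serves to the world
CONTAINER_TO_HOST_PORTS="25/tcp 53/tcp 53/udp"  # what containers may reach on the host
DRY_RUN="${DRY_RUN:-0}"

# Wrapper around firewall-cmd: echo the call in dry-run mode, otherwise run it.
fw() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

# Post #2: open the services the host itself serves, in the public zone.
open_host_services() {
    for svc in $HOST_SERVICES; do
        fw --permanent --zone="$PUBLIC_ZONE" --add-service="$svc"
    done
}

# Posts #5/#7, tightened: instead of the trusted zone (target ACCEPT, so every
# container can reach every host port), bind docker0 to its own zone whose
# target is the default REJECT and open only the ports containers need.
# Container-to-internet traffic is not affected: Docker's own FORWARD and
# MASQUERADE rules handle it, independent of this zone.
scope_docker_bridge() {
    fw --permanent --new-zone="$DOCKER_ZONE"
    fw --permanent --zone="$DOCKER_ZONE" --add-interface="$DOCKER_IF"
    for p in $CONTAINER_TO_HOST_PORTS; do
        fw --permanent --zone="$DOCKER_ZONE" --add-port="$p"
    done
}

# Permanent changes only take effect on reload; the reload flushes the DOCKER
# iptables chains, so Docker must be restarted afterwards to recreate them.
activate() {
    fw --reload
    [ "$DRY_RUN" = 1 ] || systemctl restart docker
}

# Show the resulting zones and, when not in dry-run mode, prove from inside a
# container that DNS works and the host's Postfix banner is reachable.
verify() {
    fw --zone="$PUBLIC_ZONE" --list-services
    fw --zone="$DOCKER_ZONE" --list-all
    [ "$DRY_RUN" = 1 ] || docker run --rm busybox sh -c \
        "nslookup example.com && echo QUIT | nc $HOST_GW 25"
}

main() {
    open_host_services
    scope_docker_bridge
    activate
    verify
}

case "${1:-}" in
    apply) main ;;
esac
```

If the container still gets "No route to host" after this, check `firewall-cmd --get-active-zones` to confirm docker0 actually landed in the docker zone (an interface can only be in one zone, so remove it from trusted first with `firewall-cmd --permanent --zone=trusted --remove-interface=docker0`), and check `iptables -S FORWARD` to confirm the DOCKER chains are back, which they will not be until Docker has been restarted after the reload.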