19fc933330
If docker-ce handles the firewall and fw3 is not envolved because the rules get not proceed, then not only docker0 should be handled but also other interfaces and therefore other docker networks. This commit extends the handling and introduces a new uci option `device` in the docker config firewall section. This can be used to specify which device is allowed to access the container. Up to now only docker0 is covert. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
20 lines
726 B
Text
20 lines
726 B
Text
# The following settings require a restart to take full effect, A reload will
|
|
# only have partial or no effect:
|
|
# option bip
|
|
# list blocked_interfaces
|
|
|
|
config globals 'globals'
|
|
# option alt_config_file "/etc/docker/daemon.json"
|
|
option data_root "/opt/docker/"
|
|
option log_level "warn"
|
|
list hosts "unix:///var/run/docker.sock"
|
|
option bip "172.18.0.1/24"
|
|
# option iptables "0"
|
|
# list registry_mirrors "https://<my-docker-mirror-host>"
|
|
# list registry_mirrors "https://hub.docker.com"
|
|
|
|
# Docker ignores fw3 rules and by default all external source IPs are allowed
|
|
# to connect to the Docker host. See https://docs.docker.com/network/iptables/
|
|
config firewall 'firewall'
|
|
option device 'docker0'
|
|
list blocked_interfaces 'wan'
|