Univention Bugzilla – Bug 46612
UCS 4.3 docker version sets default rule FORWARD policy DROP
Last modified: 2018-03-14 14:38:15 CET
The UCS 4.3 docker version by default configures the packetfilter rule FORWARD policy DROP. In UCS 4.2 the default was ACCEPT. KVM virtual machines cannot use the network with this new default.
The Docker source code was patched to not change the default policy of the FORWARD chain. docker.io 1.13.1-0ubuntu6A~4.3.0.201803131344 PS: Alternative solution would have been to start dockerd with --ip-forward=false (ucr set docker/daemon/default/opts/ip-forward=false) and enable ip_forwarding (sysctl net.ipv4.ip_forward=1).
OK: Default for FORWARD is now ACCEPT OK: Patch applied and build reopen: changelog. We actually differ from the upstream behavior with this version of docker and should mention it.
[4.3-0 3a8460ee73] Bug #46612: release changelog entry
OK: changelog verified
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".