Univention Bugzilla – Bug 43707
docker iptables rules differ after firewall restart
Last modified: 2017-04-18 08:03:59 CEST
After restarting the iptables firewall on a UCS 4.2 master without apps, there is at least one iptables chain (DOCKER-ISOLATION) that is not covered by /etc/security/packetfilter.d/20_docker.sh. Is this a problem? --- Before-FW-Restart 2017-03-02 17:44:47.092000000 +0100 +++ After-FW-Restart 2017-03-02 17:44:32.228000000 +0100 @@ -38,19 +38,13 @@ Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination - 0 0 DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0 - 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 - 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED - 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 - 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 -Chain DOCKER (1 references) +Chain DOCKER (0 references) pkts bytes target prot opt in out source destination -Chain DOCKER-ISOLATION (1 references) +Chain DOCKER-ISOLATION (0 references) pkts bytes target prot opt in out source destination - 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
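Review bot: The FORWARD chain is missing its jumps to DOCKER-ISOLATION and DOCKER after the restart (the five removed lines), so both chains drop to 0 references and no forwarded packet reaches them, and DOCKER-ISOLATION has also lost its RETURN rule. To make the ruleset after a firewall restart match the one before it, /etc/security/packetfilter.d/20_docker.sh would need to restore those five FORWARD rules and the RETURN rule in DOCKER-ISOLATION. A quick check after any restart is that both chain headers read "(1 references)" again.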
r77585: create missing docker chains and rules, changelog entry
Package: univention-firewall
Version: 9.0.0-9A~4.2.0.201703101540
Branch: ucs_4.2-0
The package has not been built due to ucslint complaining mistakenly about some lines with text "iptables". Package has been fixed and rebuilt via #42351.
OK: code change
OK: functional test
OK: changelog entry
UCS 4.2 has been released:
https://docs.software-univention.de/release-notes-4.2-0-en.html
https://docs.software-univention.de/release-notes-4.2-0-de.html
If this error occurs again, please use "Clone This Bug".