kolla-ansible/releasenotes/notes/docker-disable-iptables-e9a248a0515f30a6.yaml
Dincer Celik fc7ce6cabe [docker] Added a new flag to disable default iptables rules
Docker is manipulating iptables rules by default to provide network
isolation, and this might cause problems if the host already has an
iptables-based firewall.

This change introduces docker_disable_default_iptables_rules to
disable the iptables manipulation by putting "iptables: false" [1] to
daemon.json.

For better defaults, this feature will be enabled by default in
Victoria.

[1] https://docs.docker.com/network/iptables/

Closes-Bug: #1849275

Change-Id: I165199fc98fb98f227f2a20284e1bab03ef65b5b
2020-07-27 09:09:45 +00:00


---
features:
  - |
    Adds a new flag, ``docker_disable_default_iptables_rules``, which
    defaults to ``no``. Docker is manipulating iptables rules by
    default to provide network isolation, and this might cause
    problems if the host already has an iptables based firewall.
    A common problem is that Docker sets the default policy of the
    ``FORWARD`` chain in the ``filter`` to ``DROP``.
    Setting ``docker_disable_default_iptables_rules`` to ``yes``
    will disable Docker's iptables manipulation. This feature will be
    enabled by default from the Victoria 11.0.0 release.
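
A host-side check for the situation this note describes, as an added example that is not part of kolla-ansible: it reads the text of daemon.json and of `iptables -S` output and reports whether Docker still manages iptables, whether the ``FORWARD`` policy is ``DROP``, and whether Docker chains are still present after the flag was set. The sample inputs are constructed and the function names are hypothetical.

```python
import json

# Constructed sample inputs (not taken from a real host).
SAMPLE_DAEMON_JSON = '{"iptables": false, "log-opts": {"max-size": "50m"}}'
SAMPLE_IPTABLES_S = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-USER
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
"""

def docker_manages_iptables(daemon_json_text):
    """Docker manages iptables unless daemon.json sets "iptables": false."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    return cfg.get("iptables", True) is not False

def parse_filter_rules(iptables_s_text):
    """Return (chain policies, Docker-named chains) from `iptables -S` output."""
    policies, docker_chains = {}, set()
    for line in iptables_s_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "-P":
            policies[parts[1]] = parts[2]          # e.g. FORWARD -> DROP
        elif len(parts) >= 2 and parts[0] == "-N" and parts[1].startswith("DOCKER"):
            docker_chains.add(parts[1])            # chains created by Docker
    return policies, docker_chains

def audit(daemon_json_text, iptables_s_text):
    """List findings relevant to a host that runs its own iptables firewall."""
    managed = docker_manages_iptables(daemon_json_text)
    policies, docker_chains = parse_filter_rules(iptables_s_text)
    findings = []
    if managed and policies.get("FORWARD") == "DROP":
        findings.append("FORWARD policy is DROP while Docker manages iptables")
    if not managed and docker_chains:
        findings.append("iptables disabled in daemon.json but Docker chains present: "
                        + ", ".join(sorted(docker_chains)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DAEMON_JSON, SAMPLE_IPTABLES_S):
        print("finding:", finding)
```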