Provide firewalld rich rules to allow the container → host connection.
Fixes T1463.
Details
Details
- Reviewers
dereckson - Maniphest Tasks
- T1463: Configure firewalld to allow container to host communication
- Commits
- rOPSb249d7fa6d1e: Allow containers to connect to host
check if devcentral can connect to aphlict
Diff Detail
Diff Detail
- Repository
- rOPS Nasqueron Operations
- Lint
Lint Passed - Unit
No Test Coverage - Branch
- allow-containers-to-connect-to-host (branched from master)
- Build Status
Buildable 2879 Build 3127: arc lint + arc unit
Event Timeline
Comment Actions
Salt master
$ salt equatower state.apply roles/paas-docker/docker/firewall equatower: ---------- ID: /etc/firewalld/zones/public.xml Function: file.managed Result: True Comment: File /etc/firewalld/zones/public.xml updated Started: 16:07:39.382235 Duration: 192.337 ms Changes: ---------- diff: --- +++ @@ -6,8 +6,20 @@ <service name="dhcpv6-client"/> <service name="http"/> <service name="https"/> + <rule family="ipv4"> - <source address="172.16.0.0/12" /> + <source address="172.18.2.0/24" /> <accept /> </rule> + + <rule family="ipv4"> + <source address="172.18.1.0/24" /> + <accept /> + </rule> + + <rule family="ipv4"> + <source address="172.17.0.0/16" /> + <accept /> + </rule> + </zone> Summary for equatower ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 192.337 ms
Comment Actions
Equatower
$ systemctl restart firewalld $ systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2018-10-09 16:10:06 UTC; 3s ago …