Docker and arno-iptables-firewall

How to Use Arno’s IPTABLES Firewall with Docker

When using Arno's iptables firewall alongside Docker, it is common to run into networking issues. After the firewall restarts, Docker containers may lose external connectivity, or published-port forwarding stops working. This happens because Arno's firewall flushes and rebuilds the iptables rules when it (re)starts, which wipes out the rules Docker inserted automatically when it started and when containers were created.

One clean way to solve this is to make Arno's firewall itself allow the Docker bridge traffic, so the rules are re-created every time the firewall reloads.

Edit the custom rules file:

/etc/arno-iptables-firewall/custom-rules

# Let containers on the docker0 bridge reach the host itself
iptables -A INPUT -i docker0 -j ACCEPT
# Forward traffic into and out of the bridge (containers <-> outside world)
iptables -A FORWARD -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -j ACCEPT
# Source-NAT container addresses when they leave via any interface other than the bridge
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE

Make sure the subnet (172.17.0.0/16) matches your Docker bridge network; the address shown on the bridge is the host's address in that network (for example 172.17.0.1/16), so the rule needs the network address with the host bits cleared. You can check it with:

ip addr show docker0

After making changes, restart the firewall:

systemctl restart arno-iptables-firewall

Docker containers now keep their networking even after the firewall restarts, because the rules are reapplied from custom-rules on every reload.

This method integrates Docker networking directly into your firewall setup and avoids the need to restart Docker after every firewall reload.
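The steps above (read the bridge address from ip addr show docker0, turn it into the network address, write the four rules with that subnet, and confirm they are loaded after the restart) can be scripted. The following is an added example written for this page; it is not part of the original post or of Arno's firewall, and the function names (docker_subnet_from_ip_output, render_docker_rules, verify_docker_rules) and the sample ip output are this example's own. It is POSIX sh and needs root only for the final verification step.

```shell
#!/bin/sh
# Added example (not from the original post or from Arno's firewall):
# derive the docker0 network from `ip addr show docker0` output, render the
# custom-rules lines for it, and verify they are loaded after the restart.

# Constructed sample of `ip addr show docker0` output so the parsing can be
# exercised offline; on a real host pass "$(ip addr show docker0)" instead.
SAMPLE_IP_OUTPUT='5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:0a:1b:2c:3d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever'

# Print the IPv4 network (e.g. 172.17.0.0/16) for the first "inet" line of the
# given `ip addr show` output. Host bits are cleared, so the bridge address
# 172.17.0.1/16 becomes the network 172.17.0.0/16 that the -s match expects.
docker_subnet_from_ip_output() {
    cidr=$(printf '%s\n' "$1" | awk '$1 == "inet" { print $2; exit }')
    [ -n "$cidr" ] || { echo "no inet address found on docker0" >&2; return 1; }
    ip=${cidr%/*}
    bits=${cidr#*/}
    old_ifs=$IFS
    IFS=.
    set -- $ip                      # split the address into its four octets
    IFS=$old_ifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( 4294967295 - ((1 << (32 - bits)) - 1) ))   # prefix -> netmask
    net=$(( addr & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 ))  $(( net & 255 )) "$bits"
}

# Print the lines to append to /etc/arno-iptables-firewall/custom-rules,
# with the bridge subnet filled in to the MASQUERADE rule.
render_docker_rules() {
    cat <<EOF
iptables -A INPUT -i docker0 -j ACCEPT
iptables -A FORWARD -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -j ACCEPT
iptables -t nat -A POSTROUTING -s $1 ! -o docker0 -j MASQUERADE
EOF
}

# Confirm (needs root) that every rendered rule is present in the live ruleset
# after `systemctl restart arno-iptables-firewall`: each line is re-run with
# -A replaced by -C, iptables' check mode, which exits non-zero when the rule
# is absent. Returns 1 on the first missing rule.
verify_docker_rules() {
    render_docker_rules "$1" | sed 's/ -A / -C /' | while IFS= read -r check; do
        if ! $check 2>/dev/null; then
            echo "not loaded: $check" >&2
            exit 1
        fi
    done
}

# Offline demonstration on the constructed sample.
demo_subnet=$(docker_subnet_from_ip_output "$SAMPLE_IP_OUTPUT")
echo "# custom-rules lines for bridge network $demo_subnet:"
render_docker_rules "$demo_subnet"
```

On a real host, render_docker_rules "$(docker_subnet_from_ip_output "$(ip addr show docker0)")" produces the lines to append to custom-rules, and verify_docker_rules with the same subnet, run as root after the firewall restart, reports any rule that did not come back. The prefix length is taken from the bridge rather than hard-coded, so the MASQUERADE rule stays correct if the Docker bridge is configured with a network other than 172.17.0.0/16.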
