* blocked_interfaces blocks all packets to docker0 from the given
interface. This is needed because all the iptables commands dockerd
adds operate before any of the fw3 generated rules.
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
This commit adds two additional init.d targets:
* uciadd:
This command adds the default docker0 bridge to the network
configuration. Additionally, a new firewall zone docker is created.
* ucidel
This command removes the default docker0 bridge from the network
configuration. The new docker firewall zone also gets deleted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the uci configuration is changed, send dockerd a SIGHUP to reload the
generated daemon.json file with the new configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Until now, the firewall rules from dockerd were preserved after the
service was stopped. This is not nice. With this change, the firewall rules
created by dockerd will be deleted when the dockerd service is stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If we execute `docker info` we get the following warning:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
To fix this, enable this in sysctl if docker is installed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
When we run a docker image and export too many ports, dockerd will output some errors like "too many open files"; this is caused by the max-file limitation.
Now, we start dockerd using procd; just add a statement to fix this problem.
Signed-off-by: Fuying Wang <805447391@qq.com>