[ale] Speaking of containers: Docker and iptables

James Sumners james.sumners at gmail.com
Tue Oct 31 09:59:14 EDT 2017


I need to update my internal Redis servers from RHEL6 to RHEL7. Since
stupid redis.io doesn't provide a yum repository, and the EPEL packages are
"old stable," I am looking at deploying them with the `redis:4` image.
While researching this plan, it has come to my attention that `dockerd`
defaults to injecting iptables rules automatically. This is not great;
especially if you limit access to your Redis servers by firewall rules
(i.e. only from certain clients).

So, let's say you use the packages from
https://download.docker.com/linux/centos/7/x86_64/stable/ to run Docker.
You will want to do the following to prevent this silliness:

```
$ echo -e "[Service]\nExecStart=/usr/bin/dockerd --iptables=false" >
/etc/systemd/system/docker.service
$ systemctl daemon-reload
$ systemctl restart docker.service
```

-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20171031/24528458/attachment.html>


More information about the Ale mailing list