iptables firewall is used to set up, maintain, and inspect the tables of IP packet filter rules within the Linux kernel. The Docker daemon should be allowed to make changes to the
Docker will not make changes to your system iptables rules unless you allow it to do so. If you do allow this, the Docker server will automatically make any required changes. You should let Docker make changes to iptables automatically in order to avoid networking misconfigurations that could affect the communication between containers and with the outside world. Additionally, this reduces the administrative overhead of updating iptables every time you add containers or modify networking options.
To confirm that the Docker daemon is allowed to change the iptables ruleset, review the dockerd startup options and the settings in /etc/docker/daemon.json. To review the dockerd startup options, run:
ps -ef | grep dockerd
Ensure that the --iptables parameter is either not present or not set to false. Also review the /etc/docker/daemon.json file to check that the iptables setting is not set to
Do not run the Docker daemon with
The Docker daemon service requires iptables rules to be enabled before it starts. Any restarts of iptables during Docker daemon operation may result in losing Docker-created rules. Adding iptables-persistent to your iptables install can mitigate this.
iptables is set to true.
Version 6.5 Controlled Use of Administration Privileges
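The two audit steps described above (the dockerd startup options and /etc/docker/daemon.json) can be scripted as follows. This is an added example, not part of the original page; the function names, sample command line and sample file are constructed, and treating 0, f, F, False and FALSE as false goes beyond the page, following Go's boolean parsing.

```shell
#!/bin/sh
# Added example: audit whether dockerd is allowed to manage iptables.

# cmdline_ok ARGS: succeed unless the dockerd command line disables iptables.
# Assumption: the flag value is parsed as a Go boolean, so 0/f/F/False/FALSE
# are treated the same as "false". Any occurrence counts as a finding.
cmdline_ok() {
    ! printf '%s\n' "$1" | tr -s ' \t' '\n\n' |
        grep -Eqx -- '--iptables=(false|False|FALSE|0|f|F)'
}

# config_ok FILE: succeed unless daemon.json sets "iptables": false.
# A missing file passes, because the default then applies.
# Whitespace is stripped first so the key and value may span lines;
# the leading quote keeps "ip6tables" from matching.
config_ok() {
    [ -f "$1" ] || return 0
    ! tr -d ' \t\r\n' < "$1" | grep -q '"iptables":false'
}

# audit_iptables ARGS FILE: run both checks and report every finding.
audit_iptables() {
    rc=0
    cmdline_ok "$1" || { echo "FAIL: --iptables is disabled on the dockerd command line"; rc=1; }
    config_ok "$2"  || { echo "FAIL: \"iptables\" is false in $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS: Docker may manage iptables"
    return "$rc"
}

# Constructed sample input. On a live host, call instead:
#   audit_iptables "$(ps -eo args | grep '[d]ockerd')" /etc/docker/daemon.json
sample=$(mktemp)
printf '{\n  "live-restore": true,\n  "iptables": false\n}\n' > "$sample"
audit_iptables "/usr/bin/dockerd -H fd:// --iptables=false" "$sample" ||
    echo "(both findings are expected for the constructed sample)"
rm -f "$sample"
```
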