update docker
akerl committed Dec 3, 2024
1 parent 370f95c commit 66385fd
Showing 1 changed file with 9 additions and 26 deletions.
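--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -51,7 +51,6 @@
 firewall { '100 handle uturn traffic for containers':
 chain => 'OUTPUT',
 jump => 'DOCKER_EXPOSE',
-destination => '! 127.0.0.0/8',
 dst_type => 'LOCAL',
 table => 'nat',
 }
@@ -65,6 +64,15 @@
 table => 'nat',
 }
 
+firewall { '100 masquerade for localhost uturn':
+chain => 'POSTROUTING',
+jump => 'MASQUERADE',
+src_type => 'LOCAL',
+dst_type => 'UNICAST'
+outiface => "${bridge_name}",
+table => 'nat',
+}
+
 firewall { '100 forward from docker containers':
 chain => 'FORWARD',
 action => 'accept',
@@ -81,31 +89,6 @@
 iniface => "! ${bridge_name}",
 }
 
-firewall { '100 masquerade for default docker containers':
-chain => 'POSTROUTING',
-jump => 'MASQUERADE',
-proto => 'all',
-outiface => '! docker0',
-source => '172.31.255.0/24',
-table => 'nat',
-}
-
-firewall { '100 forward from default docker containers':
-chain => 'FORWARD',
-action => 'accept',
-proto => 'all',
-outiface => '! docker0',
-iniface => 'docker0',
-}
-
-firewall { '100 forward to default docker containers':
-chain => 'FORWARD',
-action => 'accept',
-proto => 'all',
-outiface => 'docker0',
-iniface => '! docker0',
-}
-
 exec { 'create docker network':
 command => "/usr/bin/docker network create --subnet ${bridge_subnet} -o com.docker.network.bridge.name=${bridge_name} ${bridge_name}",
 unless => "/usr/bin/docker network inspect ${bridge_name}",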
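Review bot: The new `'100 masquerade for localhost uturn'` resource has no comma after `dst_type => 'UNICAST'`, which is a Puppet syntax error, so the catalog would fail to compile and none of these firewall rules would be enforced until it is fixed; the line should be `dst_type => 'UNICAST',`. With `destination => '! 127.0.0.0/8'` removed from the OUTPUT rule in the first hunk, locally generated traffic to loopback addresses is now also sent to DOCKER_EXPOSE, and that path normally only works when `route_localnet` is enabled on the bridge, which is not set anywhere in the visible lines. If that is intended, a comment above the resource such as `# Loopback is included on purpose: published ports answer on 127.0.0.0/8 from this host (requires route_localnet on the bridge)` would record the decision. `outiface => "${bridge_name}"` can be written `outiface => $bridge_name`.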
