To manage my firewall I use ufw. But Docker modifies iptables rules directly. I'm trying to do some testing to see what the effect of setting "iptables": false in /etc/docker/daemon.json is, but it seems that once Docker has been started the iptables rules get set and won't go away:
$ cat /etc/docker/daemon.json
{ "iptables": false
}
$ sudo systemctl stop containerd docker.service docker.socket
$ sudo iptables -L | grep -i docker
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
DOCKER all -- anywhere anywhere
Chain DOCKER (1 references)
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
Chain DOCKER-USER (1 references)

I figured out pretty quickly that there's no systemd unit for iptables, so I tried restarting ufw several different ways, but I guess since Docker bypasses ufw it doesn't have any effect.
I'm guessing rebooting my computer would do the trick but that's what I'm trying to avoid since I would like to do some testing that involves enabling and disabling the Docker iptables integration several times and I don't want to reboot every time.
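The chains shown above are plain iptables objects, so stopping the daemon leaves them in place; they only disappear when something deletes them. Note also that `iptables -L` without `-t` shows only the filter table, and Docker keeps a further DOCKER chain in the nat table. The script below is an added example (not part of the question and not Docker's own tooling) that reads `iptables -t <table> -S` output and generates, rather than runs, the commands needed to remove every chain named DOCKER*: first the jump rules in non-Docker chains such as FORWARD that reference them, then a flush of each chain, then the deletion, in that order because iptables refuses to delete a chain that is still referenced or non-empty. The embedded rule listing is a constructed sample that matches the chains in the question's output.

```shell
#!/bin/sh
# Generate (do not execute) the iptables commands that remove Docker's chains
# from one table. Input: `iptables -t <table> -S` output on stdin.
# Output: one iptables command per line, in an order that iptables accepts.
docker_cleanup_cmds() {
    table="$1"
    rules=$(cat)

    # 1. Rules in non-Docker chains (FORWARD, PREROUTING, ...) that jump to a
    #    DOCKER* chain: turn "-A CHAIN ..." into "-D CHAIN ...". Rules living
    #    inside DOCKER* chains are dropped by the flush below, so skip them.
    printf '%s\n' "$rules" | awk -v t="$table" '
        $1 == "-A" && $2 !~ /^DOCKER/ {
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i+1) ~ /^DOCKER/) {
                    sub(/^-A /, "-D ")
                    print "iptables -t " t " " $0
                    break
                }
            }
        }'

    # 2. Flush every DOCKER* chain ("-N" lines) so no chain references another.
    printf '%s\n' "$rules" | awk -v t="$table" \
        '$1 == "-N" && $2 ~ /^DOCKER/ { print "iptables -t " t " -F " $2 }'

    # 3. Only now can the (empty, unreferenced) chains be deleted.
    printf '%s\n' "$rules" | awk -v t="$table" \
        '$1 == "-N" && $2 ~ /^DOCKER/ { print "iptables -t " t " -X " $2 }'
}

# Constructed sample of `iptables -t filter -S` on a host where Docker has run
# with its iptables integration enabled (the chains from the question).
SAMPLE_FILTER='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN'

# Show the generated cleanup for the sample when run directly.
demo() {
    printf '%s\n' "$SAMPLE_FILTER" | docker_cleanup_cmds filter
}

[ "${0##*/}" = "docker_cleanup.sh" ] && demo
```

On a real host the input comes from the live tables, e.g. `sudo iptables -t filter -S | docker_cleanup_cmds filter` and again with `-t nat`; review the printed commands and only then pipe them to `sudo sh`. The generator deliberately touches nothing outside chains named DOCKER*, so Docker's own ACCEPT rules on FORWARD and its MASQUERADE rule in nat (neither jumps to a DOCKER chain) are left for you to remove by hand, which is the safer default when ufw rules share the same tables.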