Comment on PSA: Docker nukes your firewall rules, and replaces them with its own.
zeluko@kbin.social 8 months ago
Yeah, it needs those rules for e.g. port-forwarding into the containers.
But it doesnt really 'nuke' existing ones.
I have simply placed my rules at higher priority than normal. Very simple in nftables and good to not have rules mixed between nftables and iptables in unexpected ways.
You should filter as early as possible anyways to reduce ressource usage on e.g. connection tracking.
Kalcifer@sh.itjust.works 8 months ago
How come I don’t see my previous rules when I dump the ruleset, then? I have my rules written in
/etc/nftables.conf, and they were previously applied by running# nft -f /etc/nftables.conf. Now, when I dump the current ruleset with# nft list ruleset, those previous rules aren’t there — all I see are Docker’s rules.