docker-ce: cleanup firewall rules on service stop

author Florian Eckert <redacted>

Wed, 24 Jun 2020 07:25:50 +0000 (09:25 +0200)

committer Florian Eckert <redacted>

Tue, 7 Jul 2020 13:03:28 +0000 (15:03 +0200)
author Florian Eckert <redacted>
Wed, 24 Jun 2020 07:25:50 +0000 (09:25 +0200)
committer Florian Eckert <redacted>
Tue, 7 Jul 2020 13:03:28 +0000 (15:03 +0200)
diff --git a/utils/docker-ce/files/dockerd.init b/utils/docker-ce/files/dockerd.init

index 3b77f113118c82272cf102c1d2bd923265b19635..a61dc89e872db91863f56613484e23ddd0933f81 100644 (file)
--- a/utils/docker-ce/files/dockerd.init
+++ b/utils/docker-ce/files/dockerd.init
@@ -58,3 +58,36 @@ start_service() {
         procd_set_param limits nofile="${nofile} ${nofile}"
         procd_close_instance
  }
+
+ip4tables_remove_nat() {
+       iptables -t nat -D OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
+       iptables -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
+
+       iptables -t nat -F DOCKER
+       iptables -t nat -X DOCKER
+}
+
+ip4tables_remove_filter() {
+       iptables -t filter -D FORWARD -j DOCKER-USER
+       iptables -t filter -D FORWARD -j DOCKER-ISOLATION-STAGE-1
+       iptables -t filter -D FORWARD -o docker0 -j DOCKER
+
+       iptables -t filter -F DOCKER
+       iptables -t filter -F DOCKER-ISOLATION-STAGE-1
+       iptables -t filter -F DOCKER-ISOLATION-STAGE-2
+       iptables -t filter -F DOCKER-USER
+
+       iptables -t filter -X DOCKER
+       iptables -t filter -X DOCKER-ISOLATION-STAGE-1
+       iptables -t filter -X DOCKER-ISOLATION-STAGE-2
+       iptables -t filter -X DOCKER-USER
+}
+
+ip4tables_remove() {
+       ip4tables_remove_nat
+       ip4tables_remove_filter
+}
+
+stop_service() {
+       ip4tables_remove
+}
author	Florian Eckert <redacted>
	Wed, 24 Jun 2020 07:25:50 +0000 (09:25 +0200)
committer	Florian Eckert <redacted>
	Tue, 7 Jul 2020 13:03:28 +0000 (15:03 +0200)