authorGerard Ryan <G.M0N3Y.2503@gmail.com>2022-04-27 21:11:14 +1000
committerRosen Penev <rosenp@gmail.com>2022-05-14 21:32:36 -0700
commit1f96ec16ecdb98b83244b4c97faf314552948924 (patch)
tree41f97fed7c5b16424dad5831a30c8a36678a2dff /utils/dockerd/files
parent34c77110f1b01e374d9dca0d288933cd6ef9a10e (diff)
dockerd: Add firewall independent dependencies
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Diffstat (limited to 'utils/dockerd/files')
-rw-r--r--utils/dockerd/files/etc/config/dockerd9
1 files changed, 8 insertions, 1 deletions
diff --git a/utils/dockerd/files/etc/config/dockerd b/utils/dockerd/files/etc/config/dockerd
index 196391a86..dd7523543 100644
--- a/utils/dockerd/files/etc/config/dockerd
+++ b/utils/dockerd/files/etc/config/dockerd
@@ -21,8 +21,15 @@ config globals 'globals'
# list registry_mirrors 'https://<my-docker-mirror-host>'
# list registry_mirrors 'https://hub.docker.com'
-# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
+# Docker doesn't work well out of the box with fw4. This is because Docker relies on a compatibility layer that
+# naively translates iptables rules. For the best compatibility replace the following dependencies:
+# `firewall4` -> `firewall`
+# `iptables-nft` -> `iptables-legacy`
+# `ip6tables-nft` -> `ip6tables-legacy`
+
+# Docker undermines the fw3 rules. By default all external source IPs are allowed to connect to the Docker host.
# See https://docs.docker.com/network/iptables/ for more details.
+
# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
# then docker restarted to load in new changes.
config firewall 'firewall'