2018-11-30 11:14:16 -0500 EST
Fixing iptables on a KVM hypervisor after a Docker install
I run a number of KVM hypervisors that provide network to guests using a public bridge (
The guest domains individually firewall themselves, so I leave the hypervisors’ iptables FORWARD chain defaulted to
This worked well until I installed Docker.
Docker flips the default policy on the FORWARD chain to DROP, thereby cutting off network access for all the KVM guests attached to the bridge.
The --iptables=false flag to the Docker daemon prevents Docker from touching iptables, but that’s inconvenient.
To let Docker have its way while returning unfettered access to our KVM guests using
# iptables -I FORWARD -i br0 -o br0 -j ACCEPT
Remember to persist this rule using, e.g.,
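An idempotent form of the rule above, as an added example that is not part of the original post: it classifies bridged forwarding from `iptables -S FORWARD` output and inserts the ACCEPT rule only when `iptables -C` reports it missing. The function names, the IPTABLES override variable and the sample ruleset are assumptions constructed for illustration; br0 is the bridge name from the command above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the IPTABLES
# override are assumptions; br0 is the bridge used in the post's rule.
IPTABLES="${IPTABLES:-iptables}"

# Classify bridged forwarding from `iptables -S FORWARD` output on stdin:
#   open    - FORWARD policy is ACCEPT
#   allowed - policy is not ACCEPT, but the bridge-to-bridge ACCEPT rule exists
#   blocked - policy is not ACCEPT and the rule is missing
#   unknown - no policy line seen
bridge_forward_state() {
    awk -v rule="-A FORWARD -i $1 -o $1 -j ACCEPT" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $0 == rule                    { found = 1 }
        END {
            if (policy == "")            print "unknown"
            else if (policy == "ACCEPT") print "open"
            else if (found)              print "allowed"
            else                         print "blocked"
        }'
}

# Insert the rule only when -C (check) reports it missing, so repeated runs
# (boot scripts, config management) do not stack duplicate rules.
ensure_bridge_forward() {
    bridge="${1:-br0}"
    if "$IPTABLES" -C FORWARD -i "$bridge" -o "$bridge" -j ACCEPT 2>/dev/null; then
        echo "present"
    else
        "$IPTABLES" -I FORWARD -i "$bridge" -o "$bridge" -j ACCEPT && echo "inserted"
    fi
}

# Constructed sample of `iptables -S FORWARD` after a Docker install.
SAMPLE_AFTER_DOCKER='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

printf '%s\n' "$SAMPLE_AFTER_DOCKER" | bridge_forward_state br0   # blocked
# On a real hypervisor, as root:
#   iptables -S FORWARD | bridge_forward_state br0
#   ensure_bridge_forward br0
```

The rule matches only packets that both enter and leave on br0, so the DROP policy Docker sets still applies to all other forwarded traffic.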
#linux #docker #libvirt