Turris OS 7.1 is out!

What is the recommended update for the Docker firewall configuration, please?

I use the following in /etc/config/dockerd:

config globals 'globals'
        option data_root '/srv/docker/'
        option log_level 'warn'
        option iptables '1'

# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
# See https://docs.docker.com/network/iptables/ for more details.
# Firewall config changes are only additive, i.e. the firewall will need to be restarted first to clear old changes,
# then docker restarted to load in new changes.
config firewall 'firewall'
        option device 'docker0'
        list blocked_interfaces 'wan'
        # allow outbound connections
        option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED'

The firewall config does not work well with nftables: my container could not reach the local network. Reverting to 7.0.3 fixed it.

I wonder how I should configure the new firewall to allow all containers to reach the local network and the internet, but not be accessible from the internet, only from the local network?

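As an added illustration (not the poster's configuration and not something the Turris project ships), the policy asked about above can be written as a standalone nftables table that sits alongside fw4 and Docker's own chains: containers on docker0 may open connections to the LAN and the internet, LAN clients may reach published container ports, and new connections arriving on the WAN interface never reach a container. The interface names br-lan and eth2 are assumptions; on an OpenWrt-based system `ifstatus lan` and `ifstatus wan` show the real device names.

```nft
# Added illustration, not the poster's config or the Turris project's: a standalone
# nftables table enforcing the asked-for policy next to fw4 and Docker's own chains.
# Assumed interface names; check with `ifstatus lan` / `ifstatus wan`.
define lan_if = "br-lan"
define wan_if = "eth2"
define docker_if = "docker0"

table inet docker_policy {
    chain forward {
        # Hooks before chains at the default filter priority, so the drop below is
        # final. The accepts only end evaluation of this chain; later tables (fw4,
        # Docker's iptables-nft chains) still see the packet and may restrict it further.
        type filter hook forward priority filter - 10; policy accept;

        # Replies to connections the containers opened themselves
        ct state established,related accept

        # Containers may reach the LAN and the internet
        iifname $docker_if accept

        # LAN clients may reach published container ports
        iifname $lan_if oifname $docker_if accept

        # New connections from the WAN side towards containers are dropped, including
        # traffic that Docker's prerouting DNAT has already redirected to a published port
        iifname $wan_if oifname $docker_if ct state new drop
    }
}
```

Load it with `nft -f <file>` and confirm it is in place with `nft list table inet docker_policy`; because the drop is placed at an earlier priority than Docker's own chains, it holds regardless of the order in which fw4 and dockerd are restarted, which is the additive-restart problem the comment in the dockerd config describes. The `blocked_interfaces 'wan'` line in the dockerd config expresses the same intent through Docker's iptables-based mechanism.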