Bug 1161745

Summary: docker interferes with firewall initialisation via firewalld
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Walsh <dwalsh>
Component: firewalldAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: high Docs Contact: Robert Krátký <rkratky>
Priority: high    
Version: 7.0CC: bexelbie, danw, dbrockus, dcbw, desktop-qa-list, dwalsh, fweimer, jeder, jklimes, jkrieger, jpoimboe, jpopelka, jscotka, lfc30, linville, lsu, mattdm, michele, msekleta, ngalvin, pdwyer, pvrabec, rkhan, rkratky, sauchter, sbonnevi, sct, sghosh, tgummels, thaller, tjay, todoleza, twoerner, yruseva
Target Milestone: rcKeywords: Patch, Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
The docker daemon interferes with the firewalld daemon and prevents firewalld from executing the iptables command. Users of docker should not enable firewalld to prevent this interference.
 Story Points: ---
Clone Of: 1098281 Environment:
Last Closed: 2015-11-19 12:59:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1098281    
Bug Blocks: 1113141, 1133060, 1205796    

Comment 2 Jiri Popelka 2014-11-14 12:42:10 UTC 
Upstream commit
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=b3b451d6f8946986b8f50c8bcddeef50ed7a5f8f
Comment 3 Jiri Popelka 2014-11-14 12:43:29 UTC 
*** Bug 1151067 has been marked as a duplicate of this bug. ***
Comment 4 Jiri Popelka 2014-11-14 12:45:56 UTC 
Whole docker vs. firewalld picture is described in bug #1164243.
Comment 12 Yoana Ruseva 2015-02-19 12:53:26 UTC 
Confirmed that this bug has been mentioned in the Docker Quick Start Guide, 
Getting Docker in RHEL 7 section, Step 4:

https://access.redhat.com/articles/881893

Changing the Doc Type to Bug Fix because it will not be included in the RHEL 7 Release Notes.
Comment 15 Thomas Woerner 2015-08-14 09:39:34 UTC 
Please remember that this issue has been addressed in docker also. docker and firewalld are now working together. Please have a look at #1245325
Comment 16 Thomas Woerner 2015-08-14 09:40:41 UTC 
(In reply to Thomas Woerner from comment #15)
> Please remember that this issue has been addressed in docker also. docker
> and firewalld are now working together. Please have a look at #1245325

Here is the link:
https://bugzilla.redhat.com/show_bug.cgi?id=1245325
Comment 17 Robert Krátký 2015-08-14 10:13:02 UTC 
Hi Thomas,

RHEL 7.1 Release Notes already mentioned:

"Firewalld is now supported for docker containers. If firewalld is running on the system, the rules will be added via the firewalld passthrough. If firewalld is reloaded, the configuration will be re-applied."

So I suppose that no RN is required for RHEL 7.2. Correct?
Comment 18 Thomas Woerner 2015-08-14 10:41:00 UTC 
Hello Robert,

the doc text of this bug was irritating me a bit. I wanted to make sure that the outdated information will not make it into the errata or the release notes of 7.2.

Regards,
Thomas
Comment 20 errata-xmlrpc 2015-11-19 12:59:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2422.html