Avoid firewall conflicts

Avoid firewall conflicts in the following Linux distributions:

Linux distribution

Procedure

SLES 12 SP2

Installations have the FW_LO_NOTRACK flag turned on by default in the openSUSE firewall. It speeds up packet processing on the loopback interface but breaks certain firewall setups that redirect outgoing packets via custom rules on the local machine.

To turn off the FW_LO_NOTRACK option:

  1. In /etc/sysconfig/SuSEfirewall2, set FW_LO_NOTRACK="no".

  2. Either restart the firewall or reboot the system.

SLES 12 SP3

No change is required, as installations have the FW_LO_NOTRACK flag turned off by default.

SLES 15 SP3 or RHEL 8, when running MCR 19.03.x

Configure the FirewallBackend option:

  1. Verify that firewalld is running.

  2. In /etc/firewalld/firewalld.conf, change FirewallBackend=nftables to FirewallBackend=iptables.

  3. Restart dockerd and firewalld:

    systemctl stop docker && systemctl stop firewalld && \
    systemctl start firewalld && systemctl start docker
    

Alternatively, allow traffic to enter the default bridge network (docker0):

    firewall-cmd --permanent --zone=trusted \
    --add-interface=docker0
    firewall-cmd --reload
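
A read-only check for the two settings described above, as an added example that is not part of the original documentation. The function names and the sample files are constructed for illustration; on a real host, pass /etc/sysconfig/SuSEfirewall2 and /etc/firewalld/firewalld.conf instead.

```shell
#!/bin/sh
# Audit only: reads the configuration files, never modifies them.

# conf_value FILE KEY: print the last uncommented KEY=value in FILE with
# quotes, inline comments and trailing whitespace removed (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_lo_notrack FILE: verdict for the SuSEfirewall2 file (SLES 12).
check_lo_notrack() {
    [ -r "$1" ] || { echo "SKIP: $1 not readable"; return 0; }
    case "$(conf_value "$1" FW_LO_NOTRACK)" in
        no)  echo "OK: FW_LO_NOTRACK=no" ;;
        yes) echo "CONFLICT: FW_LO_NOTRACK=yes, set it to \"no\" and restart the firewall" ;;
        "")  echo "CHECK: FW_LO_NOTRACK not set, the distribution default applies" ;;
        *)   echo "CHECK: unexpected FW_LO_NOTRACK value" ;;
    esac
}

# check_backend FILE: verdict for firewalld.conf
# (relevant on SLES 15 SP3 or RHEL 8 when running MCR 19.03.x).
check_backend() {
    [ -r "$1" ] || { echo "SKIP: $1 not readable"; return 0; }
    case "$(conf_value "$1" FirewallBackend)" in
        iptables) echo "OK: FirewallBackend=iptables" ;;
        nftables) echo "CONFLICT: FirewallBackend=nftables, switch to iptables or trust docker0" ;;
        "")       echo "CHECK: FirewallBackend not set, the firewalld default applies" ;;
        *)        echo "CHECK: unexpected FirewallBackend value" ;;
    esac
}

# Constructed sample files (not taken from a real host) so the audit runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '# FW_LO_NOTRACK="no"' 'FW_LO_NOTRACK="yes"' > "$demo_dir/SuSEfirewall2"
printf '%s\n' 'DefaultZone=public' 'FirewallBackend=nftables' > "$demo_dir/firewalld.conf"
check_lo_notrack "$demo_dir/SuSEfirewall2"
check_backend "$demo_dir/firewalld.conf"
rm -rf "$demo_dir"
```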