Hello, I'm deploying containers with docker-compose. There is also ufw enabled on the same machine. Because there is a known issue that ufw doesn't block ports exposed by Docker, I've created /etc/docker/daemon.json with the following content:
cat /etc/docker/daemon.json
{
  "iptables": false,
  "dns": ["8.8.8.8", "8.8.4.4"]
}
I also set the following in the /etc/default/ufw:
DEFAULT_FORWARD_POLICY="ACCEPT"
It works well with this config: exposed ports can be controlled via ufw.
But there is another issue: when I deploy new services with docker-compose, a new virtual network is created. But because of "iptables": false, no records are added to the iptables rules list, so new containers cannot access outer services via DNS (e.g. a container deployed on another server).
If I delete /etc/docker/daemon.json and do docker-compose down/up, then everything works well (new network created, and new iptables rules are appended, but ports exposed by Docker are no longer blocked).
Please help, how do I enable DNS resolution in this situation?
Version:
Client:
Version: 17.06.1-ce
API version: 1.30
Go version: go1.8.3
Git commit: 874a737
Built: Thu Aug 17 22:51:12 2017
OS/Arch: linux/amd64
Server:
Version: 17.06.1-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: 874a737
Built: Thu Aug 17 22:50:04 2017
OS/Arch: linux/amd64
Experimental: false
docker-compose version 1.15.0, build e12f3b9
docker-py version: 2.5.1
CPython version: 3.5.2
OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
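With "iptables": false, Docker stops writing the POSTROUTING MASQUERADE rule for each new bridge network, so nothing in a compose network (DNS queries to 8.8.8.8 included) can leave the host. The following is an added example, not code from the post above: it checks a nat-table dump for a masquerade rule covering a given bridge subnet and prints the rule that is missing. The nat dump, subnets and bridge names are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: find Docker bridge subnets that lack a MASQUERADE rule when
# Docker itself no longer manages iptables ("iptables": false).
set -eu

# Constructed sample of `iptables-save -t nat` output: only docker0 is covered,
# the compose network br-compose1 (172.18.0.0/16) is not.
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

# has_masquerade NAT_DUMP SUBNET
# Exit 0 if the dump has a POSTROUTING rule for SUBNET that jumps to MASQUERADE.
has_masquerade() {
  printf '%s\n' "$1" | grep -F -- "-A POSTROUTING -s $2 " | grep -q -- '-j MASQUERADE'
}

# missing_rule NAT_DUMP SUBNET BRIDGE
# Prints nothing when SUBNET is already masqueraded; otherwise prints the rule
# that would have to be added (e.g. under *nat in /etc/ufw/before.rules).
missing_rule() {
  if has_masquerade "$1" "$2"; then
    return 0
  fi
  printf '%s\n' "-A POSTROUTING -s $2 ! -o $3 -j MASQUERADE"
}

# Sample run against the constructed dump. On a live host (as root) the first
# argument would be "$(iptables-save -t nat)" and the subnet/bridge would come
# from `docker network inspect <network>`.
missing_rule "$SAMPLE_NAT" 172.17.0.0/16 docker0
missing_rule "$SAMPLE_NAT" 172.18.0.0/16 br-compose1
```

The printed rule only restores outbound NAT; forwarding between the bridge and the outside interface still has to be allowed, which the DEFAULT_FORWARD_POLICY="ACCEPT" setting from the post already does.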