Lots of veth* interface on firewalld zone

donihalim · May 6, 2023, 8:20am

Hi, everyone
I’m using Debian 11 and firewalld to manage firewall, when I check my default zone (external zone) I notice there so many veth* interface added to that zone, by restarting the firewalld using firewall-cmd --reload those interface are gone.

But what is this?

Also I started the docker daemon with iptables: false on daemon.json

external (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1 veth05c56e1 veth0bfce29 veth1066761 veth1ad92e9 veth24959fc veth28af218 veth3e119b7 veth67b896b veth9a88a33 vethb7311bb vethcef0be8 vethecd4fbc vethed61210
  sources:
  services: dns docker-swarm http https mountd nfs rpc-bind ssh
  ports:
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

rimelek · May 6, 2023, 10:08am

Docker creates veth interfaces for inter-container communication. That is probably what you see.

Topic		Replies	Views
Overlay network and bridge network General docker , swarm	0	473	September 20, 2020
Very large number of `veth` interfaces General azure	4	5315	April 6, 2017
Docker 1.10.3 not cleaning veth interfaces General docker	0	2095	August 31, 2016
Issue / lack of comprehension about docker and iptables mechanics General	0	1233	February 14, 2019
Publish port in Docker Swarm creates another net interface in container (on ingress network) Swarm	0	318	July 1, 2023

Lots of veth* interface on firewalld zone

Related topics