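# See http://serverfault.com/questions/579726/docker-shorewall
#
# Shorewall rules for a host that runs Docker: declares a 'dock' zone on the
# Docker bridge, masquerades container traffic leaving through $device, and
# sets the default policy for traffic originating in that zone.
#
# @param device
#   Outbound interface that container traffic is masqueraded through.
# @param docker_subnet
#   Source network to masquerade. Defaults to the value that was previously
#   hard-coded here; it must match the bridge network the Docker daemon
#   actually uses, otherwise container traffic is not covered by the rule.
# @param docker_bridge
#   Name of the Docker bridge interface placed in the 'dock' zone.
class firewall::docker(
  $device        = 'eth0',
  $docker_subnet = '172.17.0.0/16',
  $docker_bridge = 'docker0'
) {

  # Resource-style declaration kept as in the original.
  # NOTE(review): presumably enables IP forwarding; defined outside this file.
  class { 'firewall::forwarding': }

  # Source-NAT container traffic that leaves through the outbound interface.
  shorewall::masq { "${device}-dock":
    interface => $device,
    source    => $docker_subnet,
    order     => '10',
  }

  shorewall::zone { 'dock':
    type  => 'ipv4',
    order => '10',
  }

  # NOTE(review): in Shorewall, a destination of 'all' covers every zone,
  # including the firewall host itself, so containers are accepted everywhere
  # by default. Confirm that this breadth is intended; a narrower policy
  # (e.g. dock -> the internet-facing zone only) plus explicit rules for host
  # services would limit what a compromised container can reach.
  shorewall::policy { 'dock-all':
    sourcezone      => 'dock',
    destinationzone => 'all',
    policy          => 'ACCEPT',
    order           => 10, # integer here, strings above; kept as in the original
  }

  # Bind the bridge to the 'dock' zone with Shorewall's per-interface
  # hardening options (TCP flag sanity checks, blacklist, reverse-path
  # filtering, smurf filtering, martian logging).
  # NOTE(review): rfc1918 => false presumably disables private-address
  # filtering, which container addressing requires; verify against the
  # shorewall module.
  shorewall::interface { $docker_bridge:
    zone    => 'dock',
    rfc1918 => false,
    options => 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
  }
}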