path: root/manifests/implementations/shorewall/docker.pp
blob: 92a720be8066a556ed266d7ae7017753d6de8d2f (plain)
# See http://serverfault.com/questions/579726/docker-shorewall
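# Opens Shorewall for containers attached to Docker's bridge network.
#
# Declares firewall::forwarding, masquerades container traffic that leaves
# through $device, and places the bridge interface in its own 'dock' zone.
#
# @param device
#   Outbound interface on which container traffic is masqueraded.
# @param docker_interface
#   Bridge interface assigned to the 'dock' zone. Defaults to 'docker0'.
# @param docker_subnet
#   Source network for the masquerade entry. Defaults to '172.17.0.0/16';
#   override it when the Docker daemon uses a different bridge subnet,
#   otherwise the masq entry will not match container traffic.
class firewall::implementations::shorewall::docker(
  $device           = 'eth0',
  $docker_interface = 'docker0',
  $docker_subnet    = '172.17.0.0/16'
) {
  class { 'firewall::forwarding': }

  # Source-NAT container traffic going out through $device.
  shorewall::masq { "${device}-dock":
    interface => $device,
    source    => $docker_subnet,
    order     => '10',
  }

  # Dedicated zone so container traffic gets its own policy and rules.
  shorewall::zone { 'dock':
    type  => 'ipv4',
    order => '10',
  }

  # NOTE(review): destination 'all' covers every zone, and in Shorewall that
  # includes the firewall zone itself. Containers are therefore accepted
  # towards the host and every other network unless a rule says otherwise.
  # Narrow this to specific destination zones if containers are less trusted
  # than the host.
  shorewall::policy { 'dock-all':
    sourcezone      => 'dock',
    destinationzone => 'all',
    policy          => 'ACCEPT',
    order           => 10,
  }

  # NOTE(review): what `rfc1918 => false` does is decided by the
  # shorewall::interface define, which is not shown here. The default bridge
  # subnet is RFC 1918 space, so confirm that false does not switch on
  # RFC 1918 source filtering for this interface.
  shorewall::interface { $docker_interface:
    zone    => 'dock',
    rfc1918 => false,
    options => 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
  }
}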