new docker support not working

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

new docker support not working

Post by marcele »

I tired to enable the new docker support after upgrading to CSF 12.00 and remove our old csfpost.sh but I get this when I try to restart CSF on our Plesk server (using csf generic). It looks like the docker0 device isn't being passed to the new rules? In our upgraded csf.conf there was no DOCKER_DEVICE setting present in the config file.

Code: Select all

[root@dev0.server~]# csf -r
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `conntrack'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
*ERROR* line:[1252]
Command:[/sbin/iptables   -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o  -j MASQUERADE]
Error:[Bad argument `MASQUERADE']
You should check through the main output carefully

*ERROR* line:[1253]
Command:[/sbin/iptables   -A FORWARD -o  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT]
Error:[Bad argument `conntrack']
You should check through the main output carefully

*ERROR* line:[1254]
Command:[/sbin/iptables   -A FORWARD -i  ! -o  -j ACCEPT]
Error:[Bad argument `ACCEPT']
You should check through the main output carefully

Update: manually adding the DOCKER_DEVICE missing option below to the docker section in /etc/csf/csf.conf fixed the problem:

Code: Select all

# The network device on the host
DOCKER_DEVICE = "docker0"
Last edited by marcele on 07 Mar 2018, 16:16, edited 2 times in total.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: new docker support not working

Post by ForumAdmin »

I just found that omission after your before your edit. It will be included correctly in the next release. Thank you for reporting it.
nibb
Junior Member
Posts: 12
Joined: 20 Apr 2013, 03:15

Re: new docker support not working

Post by nibb »

Does this still work for you? I cannot make CSF play nice with Docker. Latest Docker and latest CentOS 7.

Initially it seems to work. I can launch containers, restart, etc. But then if I make some change on CSF and restart it, Docker will complain about iptables rules. It seems restarting the Docker service fixes this but I'm sure if that is the issue because even restarting the server will not fix this until you restart the Docker service manually which seems really strange.
Post Reply