Page 1 of 1

new docker support not working

Posted: 07 Mar 2018, 16:09
by marcele
I tired to enable the new docker support after upgrading to CSF 12.00 and remove our old csfpost.sh but I get this when I try to restart CSF on our Plesk server (using csf generic). It looks like the docker0 device isn't being passed to the new rules? In our upgraded csf.conf there was no DOCKER_DEVICE setting present in the config file.

Code: Select all

[root@dev0.server~]# csf -r
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `conntrack'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
*ERROR* line:[1252]
Command:[/sbin/iptables   -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o  -j MASQUERADE]
Error:[Bad argument `MASQUERADE']
You should check through the main output carefully

*ERROR* line:[1253]
Command:[/sbin/iptables   -A FORWARD -o  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT]
Error:[Bad argument `conntrack']
You should check through the main output carefully

*ERROR* line:[1254]
Command:[/sbin/iptables   -A FORWARD -i  ! -o  -j ACCEPT]
Error:[Bad argument `ACCEPT']
You should check through the main output carefully

Update: manually adding the DOCKER_DEVICE missing option below to the docker section in /etc/csf/csf.conf fixed the problem:

Code: Select all

# The network device on the host
DOCKER_DEVICE = "docker0"

Re: new docker support not working

Posted: 07 Mar 2018, 16:14
by ForumAdmin
I just found that omission after your before your edit. It will be included correctly in the next release. Thank you for reporting it.

Re: new docker support not working

Posted: 10 Apr 2019, 23:10
by nibb
Does this still work for you? I cannot make CSF play nice with Docker. Latest Docker and latest CentOS 7.

Initially it seems to work. I can launch containers, restart, etc. But then if I make some change on CSF and restart it, Docker will complain about iptables rules. It seems restarting the Docker service fixes this but I'm sure if that is the issue because even restarting the server will not fix this until you restart the Docker service manually which seems really strange.