Hi all, I have a machine with a hand-rolled firewall script, which just runs iptables commands - all well and good. The trickiest bits are for my LXC containers; I need to forward ports etc - but that's ok. The complications start when I add fail2ban - now I have an extra bit in my init script that reloads fail2ban after reloading my script, because my script does a flush of all existing rules. This is now getting ugly, but it still worked. Does anyone have better ideas for that stage? Do any of the many firewall tools cope with this adequately? I do have a hitch on this machine (but not on another similar one) in that it hangs on boot ... I'm not sure why, except I suspect running an init script on a systemd system may be a contributing factor - except that my other firewall was also upgraded to jessie+systemd, and it works. I haven't figured that one out yet. Now the biggie: I want to add Docker. Docker wants to do its own thing with iptables. Do I need to resort to just telling Docker to keep its hands off, and do everything myself? Are there any good tools out there that allow for integration of multiple firewall systems, and produce reasonably straightforward rule sets? Any other tips - ie answers to questions I didn't think of asking? :-) Thanks, Richard
Attachment:
signature.asc
Description: OpenPGP digital signature