> So obviously something about disabling firewalld allows for the packet to pass
> through the forward chain and hit the mangle POSTROUTING. It's completely unclear
> to me how to diagnose what might be going on here, any tips appreciated. I have the
> fully verbose outputs in this gist:
Try adding the docker bridge to the "trusted" firewalld zone.
# firewall-cmd --zone trusted --add-interface docker0
docker (moby) very recently gained integration with firewalld [2].
Hey Eric, that seems to have perfectly resolved my problem! I'm confused because it
previously worked until I started messing about with my other interfaces, creating a
bridge and assigning it master to the physical NIC. I never really touched the docker0
interface, and adding it to trusted suddenly made it start working. My understanding is
firewalld zones are INPUT only? Could you elaborate on what traffic was getting blocked
previously, but by adding the docker0 iface to the trusted zone, I had suddenly
whitelisted it?
Thanks again! You're always a huge help.