{"id":17909077,"url":"https://github.com/mback2k/docker-firewalld-shim","last_synced_at":"2025-03-23T20:31:28.477Z","repository":{"id":141896381,"uuid":"227911718","full_name":"mback2k/docker-firewalld-shim","owner":"mback2k","description":"Shim to trigger the recreation of docker iptables to use with iptables-persistent / netfilter-persistent and systemd","archived":false,"fork":false,"pushed_at":"2019-12-17T21:18:11.000Z","size":25,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-06-19T18:01:03.139Z","etag":null,"topics":["docker","firewalld","golang-application","iptables-manager","iptables-persistent","iptables-restore","iptables-save","netfilter-persistent","systemd"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mback2k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-13T19:51:19.000Z","updated_at":"2023-12-20T19:43:37.000Z","dependencies_parsed_at":"2023-03-13T10:27:53.640Z","dependency_job_id":null,"html_url":"https://github.com/mback2k/docker-firewalld-shim","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mback2k%2Fdocker-firewalld-shim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mback2k%2Fdocker-firewalld-shim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mback2k%2Fdocker-firewalld-shim/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mback2k%2Fdocker-firewalld-shim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mback2k","download_url":"https://codeload.github.com/mback2k/docker-firewalld-shim/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221915442,"owners_count":16901081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","firewalld","golang-application","iptables-manager","iptables-persistent","iptables-restore","iptables-save","netfilter-persistent","systemd"],"created_at":"2024-10-28T19:19:56.720Z","updated_at":"2024-10-28T19:19:57.399Z","avatar_url":"https://github.com/mback2k.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"docker-firewalld-shim\n=====================\nThis Go program is a compatibility shim to trigger the recreation\nof docker iptables to use with netfilter-persistent and systemd.\n\n[![Build Status](https://travis-ci.org/mback2k/docker-firewalld-shim.svg?branch=master)](https://travis-ci.org/mback2k/docker-firewalld-shim)\n[![GoDoc](https://godoc.org/github.com/mback2k/docker-firewalld-shim?status.svg)](https://godoc.org/github.com/mback2k/docker-firewalld-shim)\n[![Go Report Card](https://goreportcard.com/badge/github.com/mback2k/docker-firewalld-shim)](https://goreportcard.com/report/github.com/mback2k/docker-firewalld-shim)\n\nInstallation\n------------\nYou basically have two options to install this Go program package:\n\n1. 
If you have Go installed and configured on your PATH, just do the following go get inside your GOPATH to get the latest version:\n\n```\ngo get -u github.com/mback2k/docker-firewalld-shim\n```\n\n2. If you do not have Go installed and just want to use a released binary,\nthen you can just go ahead and download a pre-compiled Linux amd64 binary from the [GitHub releases](https://github.com/mback2k/docker-firewalld-shim/releases).\n\nFinally put the docker-firewalld-shim binary onto your PATH and make sure it is executable.\n\nUsage\n-----\nThe following is an example of a systemd.service unit file which runs this shim as a daemon:\n\n```\n[Unit]\nDescription=Docker FirewallD Shim\nWants=network.target\nAfter=dbus.service\nBefore=docker.service\nConflicts=firewalld.service\nPartOf=iptables.service ip6tables.service ebtables.service ipset.service netfilter-persistent.service\nReloadPropagatedFrom=iptables.service ip6tables.service ebtables.service ipset.service netfilter-persistent.service\n\n[Service]\nType=dbus\nBusName=org.fedoraproject.FirewallD1\nExecStart=/usr/local/sbin/docker-firewalld-shim\nExecReload=/bin/kill -HUP $MAINPID\nKillMode=mixed\nRestart=on-failure\nPrivateTmp=true\nProtectHome=true\nProtectSystem=full\n\n[Install]\nWantedBy=docker.service\n```\n\nThis daemon service replaces and conflicts with the original `firewalld.service`,\nsince it provides a subset of the firewalld interface in order to allow the docker\ndaemon to detect firewalld as running and pass through all iptables commands to it.\n\nIn order to be able to actually run and use this tool as a firewalld simulation,\nyou need to deploy the dbus system policy for firewalld to `/etc/dbus-1/system.d/`:\n\nJust store the following file from the firewalld project repository:\n```\nhttps://raw.githubusercontent.com/firewalld/firewalld/v0.8.0/config/FirewallD.conf\n```\nas:\n```\n/etc/dbus-1/system.d/FirewallD.conf\n```\nand then reload the dbus service via `systemctl reload 
dbus`.\n\nDisclaimer\n----------\nThis tool is meant as an easy way to make docker recreate its iptables rules\nwithout restarting it and all containers. This tool does not fully implement\nthe firewalld interface specification and is not tested for any other purpose.\n\nI personally use this tool to make docker recreate its rules after I have\ndeployed changes to the firewall rules through iptables-restore via Ansible.\n\nCredits\n-------\nThis tool was developed by inspecting the following files from the docker/libnetwork repository:\n\n* https://github.com/docker/libnetwork/blob/bump_19.03/iptables/firewalld.go\n* https://github.com/docker/libnetwork/blob/bump_19.03/iptables/iptables.go\n\nThis tool was developed by inspecting the following files from firewalld/firewalld repository:\n\n* https://github.com/firewalld/firewalld/blob/v0.8.0/src/firewall/core/fw.py\n* https://github.com/firewalld/firewalld/blob/v0.8.0/src/firewall/core/fw_direct.py\n* https://github.com/firewalld/firewalld/blob/v0.8.0/src/firewall/core/fw_zone.py\n* https://github.com/firewalld/firewalld/blob/v0.8.0/src/firewall/core/ipXtables.py\n* https://github.com/firewalld/firewalld/blob/v0.8.0/src/firewall/core/prog.py\n\nThanks to Open Source it was possible to develop this small helper tool!\n\nLicense\n-------\nCopyright (C) 2018 - 2019, Marc Hoersken \u003cinfo@marc-hoersken.de\u003e\n\nThis software is licensed as described in the file LICENSE, which\nyou should have received as part of this software distribution.\n\nAll trademarks are the property of their respective owners.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmback2k%2Fdocker-firewalld-shim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmback2k%2Fdocker-firewalld-shim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmback2k%2Fdocker-firewalld-shim/lists"}