Skip to content

firewall: interdocker communication broken when using internal networks #45126

Open
Open
firewall: interdocker communication broken when using internal networks#45126
Labels
area/networkingNetworkingkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.status/0-triage
@msilveirabr

Description

@msilveirabr
msilveirabr
opened on Mar 9, 2023

Description

bridge network set to internal does not respect icc set to true.
moby/libnetwork#2647

Reproduce

docker network create -d bridge --internal --opt com.docker.network.bridge.enable_icc=true icc_on -> containers on this network should communicate
docker network create -d bridge --internal --opt com.docker.network.bridge.enable_icc=false icc_off -> containers on this network should NOT communicate ( no the issue, works OK )

Expected behavior

ICC communication should work when bridge option com.docker.network.bridge.enable_icc ise set to true.

docker version

Client: Docker Engine - Community
 Version:           20.10.23
 API version:       1.41
 Go version:        go1.18.10
 Git commit:        7155243
 Built:             Thu Jan 19 17:34:54 2023
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.23
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.10
  Git commit:       6051f14
  Built:            Thu Jan 19 17:32:33 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.15
  GitCommit:        5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.10.0-docker)
  compose: Docker Compose (Docker Inc., v2.15.1)
  scan: Docker Scan (Docker Inc., v0.23.0)

Server:
 Containers: 13
  Running: 13
  Paused: 0
  Stopped: 0
 Images: 20
 Server Version: 20.10.23
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 6.1.7-200.fc37.x86_64
 Operating System: Fedora Linux 37 (Thirty Seven)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.473GiB
 Name: portainerpod-fc37.ad.livreti.com.br
 ID: NLRN:SHTH:EEZZ:342V:TYBL:B22V:OFHN:FJ2G:VT7J:ZWNL:2AHN:HAUZ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/networkingNetworkingkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.status/0-triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions