Interface "docker0" in YaST Firewall?

Hi again and happy holidays!

I had a look at YaST Firewall for some reason and found there on at least 2 TW installs (more I didn’t check yet, all KDE plain vanilla without docker installed according to YaST Software Management) in YaST Firewall -> Interfaces a strange “docker0” interface with zone “docker”.

Why is it there and how to remove it?

Although an interface can be removed a number of ways (YaST > Network Settings, manually removing interface files, etc.), IMO if your Firewall doesn’t enable and match a zone to the interface, it’s not likely going to be doing anything… But you can check by running the following, which lists your active interfaces:

ip addr

TSU
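
The check suggested above can be taken one step further by comparing the interfaces a firewalld zone file binds (`<interface name="..."/>` elements) against the interfaces that exist on the host. This is an added example, not part of the thread or of firewalld itself; the function names and the sample zone and `ip -o link` data are constructed, and the zone file path is whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the thread): do the interfaces bound in a firewalld
# zone file exist on this host?

# Interface names declared in a zone XML file (<interface name="..."/>).
zone_interfaces() {
    sed -n 's/.*<interface[[:space:]]\{1,\}name="\([^"]*\)".*/\1/p' "$1"
}

# Interface names from `ip -o link show` output on stdin ("2: eth0: <...>").
live_interfaces() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# Usage: check_zone ZONE_FILE "LIVE_NAMES" -> "<name> present|absent" per line.
check_zone() {
    zone_interfaces "$1" | while IFS= read -r ifname; do
        if printf '%s\n' "$2" | grep -qxF -- "$ifname"; then
            echo "$ifname present"
        else
            echo "$ifname absent"
        fi
    done
}

# Constructed sample data so the example runs offline.
sample_zone() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>docker</short>
  <interface name="docker0"/>
</zone>
EOF
}
sample_ip_link() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_zone > "$tmp"
    check_zone "$tmp" "$(sample_ip_link | live_interfaces)"
    rm -f "$tmp"
}
demo   # on a real host: check_zone FILE "$(ip -o link show | live_interfaces)"
```

An "absent" result means the zone names an interface that does not currently exist on the host.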

Hi
Because it was added via a bug report…

File firewalld.spec of Package firewalld - openSUSE Build Service (line 154)


- Add firewalld zone for the docker0 interface. This is the
  workaround for lack of nftables support in docker. Without that
  additional zone, containers have no Internet connectivity.
  (rhbz#1817022)

Great things changelogs :wink:

> Great things changelogs

My son always says when watching zypper dup after downloading the updates, while the status is “Reading changelogs”:

“Somebody has to read it…” :smiley:

How to remove this trash? :slight_smile: Nothing in networking, interfaces or alike…

OK, deleting /usr/lib/firewalld/zones/docker-zone.xml does the job for the moment, most likely this interface will re-appear after the next update of firewalld. It’s simply rude to add random interfaces to the firewall on other people’s computers.

This “patch/hack” could be added when installing docker, no need to have that on machines that simply don’t need that.
