So I was trying to see what the default configuration was like and I ran these commands:
```
u@localhost:~> firewall-cmd --get-default-zone
public
u@localhost:~> firewall-cmd --get-active-zones
docker
  interfaces: docker0
public
  interfaces: eth0
```
I know I have an Ethernet port, so eth0 in the public zone is normal, but I do not know about a docker interface in the docker zone. Dug deeper and this is what I found:
```
u@localhost:~> sudo firewall-cmd --info-zone=docker
[sudo] password for root:
docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: docker0
  sources:
  services:
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
u@localhost:~> sudo firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
Reading through the Security Guide in documentation, my understanding is:
- Outbound = always allowed
- Inbound = allowed IF the corresponding service is allowed in the zone
So if I compare the zone info of docker and public, my questions are:
- What is the “target” field in the zone info?
  1-A. ACCEPT is pretty much self-explanatory, but I’m not sure what “default” means in the public zone. What is it?
- So basically since there are no listed services in the docker zone, that means inbound connections are…not allowed? (and only DHCPv6 client traffic inbound is accepted for the public zone?)
- I did `zypper search -d docker` and I can see that docker is not installed. Why do I have a docker interface? Is this default in openSUSE?
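
Added example, not part of the original post: a script that reads `firewall-cmd --info-zone` output like the listings above and reports, per zone, what happens to inbound traffic that matches no listed service or port. It relies on firewalld's documented target semantics; the function names and the embedded sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise inbound policy from `firewall-cmd --info-zone=<zone>` output.
# Per firewalld's documentation, "target" decides the fate of packets that match
# no service, port or rich rule: ACCEPT accepts them, DROP discards them, and
# "default"/REJECT reject them ("default" still lets ICMP through).

zone_inbound_summary() {
  awk '
    function emit() {
      if (zone == "") return
      allow = services
      if (ports != "") allow = (allow == "" ? ports : allow " " ports)
      if (allow == "") allow = "none"
      if (target == "ACCEPT")    verdict = "unmatched inbound ACCEPTED"
      else if (target == "DROP") verdict = "unmatched inbound dropped"
      else                       verdict = "unmatched inbound rejected"
      printf "%s|%s|%s|%s|%s\n", zone, ifaces, target, allow, verdict
    }
    # A zone header is an unindented line without a colon, e.g. "docker (active)".
    /^[^ \t]/ && !/:/ { emit(); zone = $1; target = ifaces = services = ports = ""; next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      if (key == "target") target = val
      else if (key == "interfaces") ifaces = val
      else if (key == "services") services = val
      else if (key == "ports") ports = val
    }
    END { emit() }
  '
}

# Constructed sample in firewall-cmd layout, values taken from the listings above.
SAMPLE_ZONES='docker (active)
  target: ACCEPT
  interfaces: docker0
  services:
  ports:
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client
  ports:'

summarise_sample() { printf '%s\n' "$SAMPLE_ZONES" | zone_inbound_summary; }

# Output columns: zone|interfaces|target|listed services and ports|verdict
summarise_sample
```

On a live system, pipe the real `sudo firewall-cmd --info-zone=<zone>` output into `zone_inbound_summary` instead of the sample.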