Why do I have an active docker firewalld zone?

Hi All,

I just installed a new openSUSE Leap 15.5 and am reviewing my firewall configuration. What I struggle to understand is why I have an active docker zone if I don't intend to use docker and I don't have a docker0 network interface. What am I missing here?

```
suse15:~ # firewall-cmd --get-active-zone
docker
  interfaces: docker0
public
  interfaces: eth0 eth1
```

Thanks


A zone is considered active if it has interface(s) assigned. A zone where interface(s) are assigned statically is always active. "Active" in the sense that firewalld will create netfilter rules that reference this interface. docker and docker0 come with the default configuration in upstream firewalld. If you do not want to see them, modify the docker zone and remove the docker0 interface.

Interfaces come and go; they can be hot-added and hot-removed. An interface does not need to exist when a netfilter rule referencing it is created.

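The reply above says a zone is active whenever an interface is assigned to it, whether or not that interface exists. As an added example (not part of the thread), this shell function reads `firewall-cmd --get-active-zones` output and lists each zone binding whose interface is absent from the system; the function names are hypothetical and the sample listing is constructed from the output in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `firewall-cmd --get-active-zones` output on stdin and print
# "zone interface" for every bound interface that has no entry under the
# given directory (default: /sys/class/net, where the kernel lists NICs).
stale_zone_ifaces() {
    netdir="${1:-/sys/class/net}"
    zone=""
    while IFS= read -r line; do
        case "$line" in
            *interfaces:*)
                # Interface names follow the colon, separated by spaces.
                for ifc in ${line#*interfaces:}; do
                    [ -e "$netdir/$ifc" ] || printf '%s %s\n' "$zone" "$ifc"
                done
                ;;
            *sources:*|"")
                ;;                      # source bindings and blank lines: skip
            *)
                zone=${line%% *}        # zone header; drops a " (default)" suffix
                ;;
        esac
    done
}

# Constructed sample: the listing shown in the question.
sample_active_zones() {
    cat <<'EOF'
docker
  interfaces: docker0
public
  interfaces: eth0 eth1
EOF
}

# Live check, only where firewalld is installed (needs root on most systems).
if command -v firewall-cmd >/dev/null 2>&1; then
    firewall-cmd --get-active-zones 2>/dev/null | stale_zone_ifaces
fi

# To drop a reported binding, as the reply suggests for docker0:
#   firewall-cmd --permanent --zone=docker --remove-interface=docker0
#   firewall-cmd --reload
```

On the system from the question this would report `docker docker0`, since `eth0` and `eth1` exist and `docker0` does not.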

Wow, podman doesn't seem to require these hacks! 🙂

But I don't have docker containers and I don't even have docker installed. Why would SUSE expect me to have docker containers?
What is more, I don't even have the docker0 network interface. Does it have to be an active zone (I don't even know how it can be active with a non-existent interface assigned to it)? Maybe those who want this docker can make the zone active if they need it. It seems like a pretty ugly workaround.
