I have to use docker for some program but I also manage my local network with ip(6)tables manually. I don't want docker to interfere and mess things up so I set `"iptables": false` in `/etc/docker/daemon.json`. Today I find my ip6tables is still changed by docker:
```
Chain FORWARD (policy DROP 19653 packets, 1406K bytes)
 pkts bytes target                    prot opt in       out       source  destination
19653 1406K DOCKER-USER               0    --  *        *         ::/0    ::/0

Chain DOCKER (0 references)
 pkts bytes target                    prot opt in       out       source  destination

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
 pkts bytes target                    prot opt in       out       source  destination
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0  !docker0  ::/0    ::/0
    0     0 RETURN                    0    --  *        *         ::/0    ::/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target                    prot opt in       out       source  destination
    0     0 DROP                      0    --  *        docker0   ::/0    ::/0
    0     0 RETURN                    0    --  *        *         ::/0    ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target                    prot opt in       out       source  destination
19653 1406K RETURN                    0    --  *        *         ::/0    ::/0
```

The most problematic part is that the FORWARD chain policy is changed.
I don't want docker to change it anyway, as the other no-op rules still take my time to look at. Is there another hidden setting that can help me? (I prefer to leave the container with IPv6 support, but if that can't be achieved, I'm fine with disabling it.)
My docker version is 27.0.3 on Arch Linux currently.
ip6tables: False?