action #94132: Test running container networking with firewall - Containers and images - openSUSE Project Management Tool

Actions

Copy link

action #94132

closed

Test running container networking with firewall

Added by jlausuch over 3 years ago. Updated about 2 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

pdostal

Target version:

Start date:

2021-06-17

Due date:

% Done:

Estimated time:

Tags:

containers

Description

In container tests we are purely testing containers with firewall disabled.

QE shall have at least 1 test to check the functionality of containers with firewall running to avoid these kind of problems.

At least, this use case should be covered:
1) Enable firewall
2) Install docker/podman
3) Create containers
4) Ping/netcat host and outside world from the container

In some cases this works out of the box, but I have the experience that firewall might need to be restarted.

We should also check the iptables rules that are created when starting docker service. For example I have seen some warning messages like this in the firewall log:

> Jun 16 11:56:25 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -X DOCKER' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
> Jun 16 11:56:26 localhost firewalld[4824]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.

The test should also double check that the iptable rules/forwarding are correct.

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QA (public) » openQA Project (public) » openQA Tests (public) » Containers and images

Tags

Custom queries

action #94132

Test running container networking with firewall

Updated by jlausuch over 3 years ago

Updated by jlausuch over 3 years ago

Updated by ph03nix about 3 years ago

Updated by jlausuch about 3 years ago

Updated by ph03nix about 3 years ago

Updated by pdostal about 3 years ago

Updated by pdostal about 3 years ago

Updated by jlausuch about 3 years ago

Updated by pdostal about 3 years ago

Updated by pdostal about 3 years ago

Updated by pdostal about 3 years ago

Updated by ph03nix about 2 months ago