:apa: スプリットショックウイルス † on Nostr: nprofile1q…rws5x I'm not criticizing your swarm. I'm telling you it modifies ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq7e84z2qzre2r44veltedg5mtynnunrdasec7py8vglgvl629q77q4rws5x (nprofile…ws5x)
I'm not criticizing your swarm. I'm telling you it modifies iptables in a way counter productive to standard firewall security of deny by default and allow by exception. If you allow all ports by default then this doesn't apply to you.
I found this thing asking the robot™
dockerd --iptables=false: Disables Docker's management of iptables rules.
This probably will break dockers automagic port mapping which means you'll not only need to allow it manually you'll also need to do NAT manually (annoying).
I'm not criticizing your swarm. I'm telling you it modifies iptables in a way counter productive to standard firewall security of deny by default and allow by exception. If you allow all ports by default then this doesn't apply to you.
I found this thing asking the robot™
dockerd --iptables=false: Disables Docker's management of iptables rules.
This probably will break dockers automagic port mapping which means you'll not only need to allow it manually you'll also need to do NAT manually (annoying).