Conversation

@robmry
Contributor

@robmry robmry commented Feb 23, 2025

Description

  • Describe new iptables chain DOCKER-FORWARD, which splits Docker's rules out of the main FORWARD chain where they were being antisocial - related to moby/moby#49518 ("Add chain DOCKER-FORWARD")
  • Update notes about IP Forwarding and the default DROP policy
  • Only engine < 28.0.0 allows remote access to ports published to the localhost address

Related issues or tickets

Reviews

  • Technical review
  • Editorial review
  • Product review

@github-actions github-actions bot added area/engine Issue affects Docker engine/daemon area/networking Relates to anything around networking labels Feb 23, 2025
@netlify

netlify bot commented Feb 23, 2025

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 0a94868
🔍 Latest deploy log https://app.netlify.com/sites/docsdocker/deploys/67bc4c01f2e13c000866f973
😎 Deploy Preview https://deploy-preview-22086--docsdocker.netlify.app

@robmry robmry marked this pull request as ready for review February 23, 2025 12:44
@robmry robmry force-pushed the add_docker_forward_moby_28.0.1 branch from 69cc8ea to 0a94868 Compare February 24, 2025 10:37
@thaJeztah
Member

Just a quick check, because I tend to zone out on iptables rules 😂 - with the rewrite, the docs are still usable for those who didn't update to v28.0.0 / v28.0.1, or is there a differentiation we need to make ("if you're running < v28.0, then ....")?

I know we try to keep our docs reflecting "current version" in most cases, but just in case it's relevant for people who are not yet on latest.

@robmry
Contributor Author

robmry commented Feb 24, 2025

> Just a quick check, because I tend to zone out on iptables rules 😂 - with the rewrite, the docs are still usable for those who didn't update to v28.0.0 / v28.0.1, or is there a differentiation we need to make ("if you're running < v28.0, then ....")?
>
> I know we try to keep our docs reflecting "current version" in most cases, but just in case it's relevant for people who are not yet on latest.

I think it's ok ... in the third commit I left in the warning about remote access to ports published to 127.0.0.1 ("In releases older than 28.0.0 ..."). And, in the second commit I noted the change in setting the FORWARD policy to DROP (with another "In releases older than 28.0.0, ..." warning).

@thaJeztah
Member

☝️ to prevent accidental merge; I think these docs changes should go in after we did the v28.0.1 release, so don't merge yet until we did to prevent confusion 😅

@aevesdocker aevesdocker added the status/do-not-merge Pull requests that are awaiting some event or decision before they can be merged. label Feb 24, 2025
@thaJeztah thaJeztah mentioned this pull request Feb 26, 2025
3 tasks
@aevesdocker aevesdocker removed the status/do-not-merge Pull requests that are awaiting some event or decision before they can be merged. label Feb 26, 2025
@aevesdocker aevesdocker merged commit 2090e5b into docker:main Feb 26, 2025
14 checks passed
4 participants