It depends on the ports you need for your containers.
For testing I’d go with an open policy like this:
/etc/e-smith/templates/etc/shorewall/policy/35aqua should look like this:
# 35aqua -- the Docker network policy
aqua net ACCEPT
$FW aqua ACCEPT
aqua $FW ACCEPT
loc aqua ACCEPT
Rules configuration is really simple:
# 65aqua Accept ping from aqua
Ping/ACCEPT aqua $FW
# 65aqua -- Rules for Docker containers
ACCEPT aqua $FW tcp 3306
The first rule accepts ping from aqua to the firewall.
The second rule accepts MariaDB from firewall to aqua.
Here are some commonly used rules:
Don’t forget to apply changes with
Next to bad security, I don’t know if that would be possible easily. Think of DHCP server vs docker setting IPs but never tested.
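
An added example (not part of the original post): a small Python check over the policy and rules fragments quoted above, embedded as sample input, that lists the zone pairs with a blanket ACCEPT policy and the ACCEPT rules that are redundant while that policy is in place. The function names are illustrative, and entries written with the `all` zone are not handled.

```python
# Constructed sample input: the policy and rules fragments from the post.
POLICY = """\
# 35aqua -- the Docker network policy
aqua net ACCEPT
$FW aqua ACCEPT
aqua $FW ACCEPT
loc aqua ACCEPT
"""
RULES = """\
# 65aqua Accept ping from aqua
Ping/ACCEPT aqua $FW
# 65aqua -- Rules for Docker containers
ACCEPT aqua $FW tcp 3306
"""

def _fields(text):
    """Yield whitespace-split columns of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def accept_policies(policy_text):
    """Return (source, dest) zone pairs whose default policy is ACCEPT."""
    return [(f[0], f[1]) for f in _fields(policy_text)
            if len(f) >= 3 and f[2].split(":")[0] == "ACCEPT"]

def redundant_rules(policy_text, rules_text):
    """Return ACCEPT rules already covered by a blanket ACCEPT policy."""
    open_pairs = set(accept_policies(policy_text))
    hits = []
    for f in _fields(rules_text):
        if len(f) < 3:
            continue
        # "Ping/ACCEPT" is a macro invocation; the action follows the slash.
        action = f[0].split("/")[-1].split(":")[0]
        # A zone column may carry a host part ("zone:address"); keep the zone.
        pair = (f[1].split(":")[0], f[2].split(":")[0])
        if action == "ACCEPT" and pair in open_pairs:
            hits.append(" ".join(f))
    return hits

if __name__ == "__main__":
    for src, dst in accept_policies(POLICY):
        print(f"blanket ACCEPT policy: {src} -> {dst}")
    for rule in redundant_rules(POLICY, RULES):
        print(f"redundant under that policy: {rule}")
```

With the `aqua $FW` policy changed from ACCEPT to REJECT, the check reports no redundant rules, because the two rules are then what permits ping and port 3306 from aqua to the firewall.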