It should note that bridge interface may need to be added to a firewall zone with firewalld

[yryo617]

File: network/network-tutorial-standalone.md

This article should include warning that in some environments (e.g. firewalld on clean-install CentOS 8) user-defined bridge interface (which may be done via docker-compose) must be added to a zone using firewall-cmd.
Without a zone defined, firewalld will prohibit any communication between containers using that bridge.

[devZer0]

yes please!!! pulling my hair out for >1 hour now because of this !!!

[devZer0]

oh, btw - adding that interfaces manually via firewall-cmd is a workaround - not a solution.

the solution is, to integrate docker with firewalld on centos8.

i'm curious how centos8 is mentioned for usage when integration apparently is incomplete.

https://docs.docker.com/engine/install/centos/#prerequisites
"To install Docker Engine, you need a maintained version of CentOS 7 or 8"

there should at least exist a hint with some warning that br-${docker_network_id} don't get added to appropriate firewalld zone and thus, outgoing conections from inside docker containers won't work

[docker-robott]

There hasn't been any activity on this issue for a long time.
If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment.
If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

[devZer0]

/remove-lifecycle stale

[rodrigogonegit]

This is happening to me after upgrading to docker Docker version 27.1.2, build d01f264 and firewalld 1.3.3. Debian 12.

How to reproduce:

• Make sure iptables is disabled.
• Make sure firewalld is enabled
• Run these

docker network create --driver bridge mytestnet
docker run --net mytestnet --name terminal_a -it busybox sh
docker run --net mytestnet --name terminal_b -it busybox sh

• Get in the containers and try to ping. Observe it does not work.
• Disable firewalld.
• Observe it works
• Re-enable firewalld with sudo systemctl start firewalld.service
• Aditionally, run ip -br a to save which interface points to the network you created above, in my case it is br-281213661d1e
• Run sudo firewall-cmd --zone=docker --change-interface=br-281213661d1e to add said interface to the docker zone
• Repeat ping. Observe it works.