Shorewall in Debian stable does not work with docker
I tried following the docs here:
https://shorewall.org/Docker.html
but unfortunately, even with the systemd override it still clobbered my iptables rules, and led to other problems with docker networking.
I rebuilt the debian packages using 5.2.4
and this fixed the problem - docker starts/restarts before/after shorewall, and iptables are preserved correctly.
I would suggest that either the docs need to be updated to reflect that it doesnt work, or a backports package is added.
Debian testing/unstable/experimental all use < 5.2.4 so i would imagine the problem is the same for those versions.
Edited by Ryan Northey