By default, when Docker starts a container with a port mapping, it opens the port by inserting rules directly with iptables.
firewalld also manages iptables underneath to implement its firewall, so the port never shows up as open in firewalld: the container opens it by itself when it starts, and firewalld has no record of it.
Test
# Create a container
docker run --name mysql -p 3306:3306 -d mysql
# Inspect the rules with the iptables command
iptables -nL DOCKER
# Stop the container
docker stop mysql
# Check the firewall rules again
iptables -nL DOCKER
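As an added example (not part of the original post), the POSIX shell audit below reads the `iptables -nL DOCKER` listing and reports every published port that Docker accepts from any source, which are exactly the rules firewalld does not know about. The embedded listing is constructed sample output so the script runs offline, and the function names are my own.

```shell
#!/bin/sh
# Audit the DOCKER chain for ports reachable from any source (0.0.0.0/0).
# Input format is that of `iptables -nL DOCKER`.
# On a real host pipe the live listing in: iptables -nL DOCKER | audit_docker_chain

# Constructed sample listing (not captured from a real host): two containers
# published to the world, one restricted to 10.0.0.0/8, plus the usual RETURN.
SAMPLE_DOCKER_CHAIN='Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:3306
ACCEPT     tcp  --  10.0.0.0/8           172.17.0.3           tcp dpt:8080
ACCEPT     udp  --  0.0.0.0/0            172.17.0.4           udp dpt:53
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Print one line per ACCEPT rule whose source is 0.0.0.0/0:
#   "<container_ip> <proto> <port>"
# Columns: 1=target 2=prot 3=opt 4=source 5=destination, then the match text
# (e.g. "tcp dpt:3306"), so the port is the field starting with "dpt:".
audit_docker_chain() {
    awk '$1 == "ACCEPT" && $4 == "0.0.0.0/0" {
        for (i = 6; i <= NF; i++)
            if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $5, $2, $i }
    }'
}

# Number of world-reachable published ports in the sample listing.
count_world_open() {
    printf '%s\n' "$SAMPLE_DOCKER_CHAIN" | audit_docker_chain | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DOCKER_CHAIN" | audit_docker_chain
```

A non-empty result means Docker has published ports that a `firewall-cmd --list-ports` check would not show.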
The rule appears and disappears together with the container, so the problem lies with Docker itself and Docker's configuration has to be changed.
Steps
1. Disable SELinux (optional).
Sometimes strange errors are reported when a container is created because SELinux is enabled, so disable it first.
getenforce # check the SELinux status
setenforce 0 # disable SELinux temporarily
vim /etc/selinux/config
Change `SELINUX=enforcing` to `SELINUX=disabled`
to make the change permanent, then restart Linux for it to take effect.
2. Adjust the Docker service configuration
# Stop docker first
systemctl stop docker
# Edit the configuration
vim /etc/docker/daemon.json
# Restart docker
systemctl restart docker