[ucore] After rebase: docker network_mode host not working

Due to the topic above, I recently switched images

from

fedora-coreos:stable-nvidia

with docker-compose installed via rpm-ostree

to

uninstalled docker-compose and then rebased to

ucore:stable-nvidia

now

Basically everything went well, but now I am not able to connect to my docker-containers with network_mode: host anymore

All others with a specified port are working, and when I temporarily comment out network_mode and specify ports it works

Tell me what obvious thing I do not realize is different in terms of ?configuration? to get my services connected again

Thanks

Additionally:

sudo docker inspect homeassistant

[
    {
        "Id": "fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be",
        "Created": "2025-07-28T12:03:26.600299874Z",
        "Path": "/init",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 6960,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2025-08-04T17:31:17.629042877Z",
            "FinishedAt": "2025-08-04T17:29:37.898042043Z"
        },
        "Image": "sha256:aeb3f13b1c05707cfdc8e7f802975fb633a1d686049ae2a0c34610516f711dc2",
        "ResolvConfPath": "/var/lib/docker/containers/fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be/hostname",
        "HostsPath": "/var/lib/docker/containers/fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be/hosts",
        "LogPath": "/var/lib/docker/containers/fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be/fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be-json.log",
        "Name": "/homeassistant",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "system_u:object_r:container_file_t:s0:c1022,c1023",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/var/home/core/dvol/homeassistant_config:/config:rw,Z",
                "/etc/localtime:/etc/localtime:rw",
                "/run/dbus:/run/dbus:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "host",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "ConsoleSize": [
                0,
                0
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": true,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "label=disable"
            ],
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": null,
            "ReadonlyPaths": null
        },
        "GraphDriver": {
            "Data": {
                "ID": "fc39b116ce679e6395119bb07e0a73f93bb5101bdf40733c928d887b355e42be",
                "MergedDir": "/var/lib/docker/overlay2/94030a2f437cec15f0a401716b6129dc603325fbff3f7188b96f897cbe711c17/merged",
                "UpperDir": "/var/lib/docker/overlay2/94030a2f437cec15f0a401716b6129dc603325fbff3f7188b96f897cbe711c17/diff",
                "WorkDir": "/var/lib/docker/overlay2/94030a2f437cec15f0a401716b6129dc603325fbff3f7188b96f897cbe711c17/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/run/dbus",
                "Destination": "/run/dbus",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/home/core/dvol/homeassistant_config",
                "Destination": "/config",
                "Mode": "rw,Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/etc/localtime",
                "Destination": "/etc/localtime",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "blackpearl",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": true,
            "AttachStderr": true,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "LANG=C.UTF-8",
                "S6_BEHAVIOUR_IF_STAGE2_FAILS=2",
                "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0",
                "S6_CMD_WAIT_FOR_SERVICES=1",
                "S6_SERVICES_READYTIME=50",
                "UV_EXTRA_INDEX_URL=https://wheels.home-assistant.io/musllinux-index/",
                "S6_SERVICES_GRACETIME=240000",
                "UV_SYSTEM_PYTHON=true",
                "UV_NO_CACHE=true"
            ],
            "Cmd": null,
            "Image": "ghcr.io/home-assistant/home-assistant:stable",
            "Volumes": null,
            "WorkingDir": "/config",
            "Entrypoint": [
                "/init"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "0f8d571b64bd57a75be5e1ec6bf036ced6caf6fdfc918dc57553ef4ec83ea091",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.depends_on": "",
                "com.docker.compose.image": "sha256:8502c5301fdbfa067c1694d5585940773708437d03fa1950e7b6d564c867fa2f",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "homeassistant",
                "com.docker.compose.project.config_files": "/data/compose/370/docker-compose.yml",
                "com.docker.compose.project.working_dir": "/data/compose/370",
                "com.docker.compose.service": "homeassistant",
                "com.docker.compose.version": "2.26.1",
                "io.hass.arch": "amd64",
                "io.hass.base.arch": "amd64",
                "io.hass.base.image": "ghcr.io/home-assistant/amd64-base:3.21",
                "io.hass.base.name": "python",
                "io.hass.base.version": "2025.05.0",
                "io.hass.type": "core",
                "io.hass.version": "2025.7.4",
                "org.opencontainers.image.authors": "The Home Assistant Authors",
                "org.opencontainers.image.created": "2025-07-28 08:22:26+00:00",
                "org.opencontainers.image.description": "Open-source home automation platform running on Python 3",
                "org.opencontainers.image.documentation": "https://www.home-assistant.io/docs/",
                "org.opencontainers.image.licenses": "Apache-2.0",
                "org.opencontainers.image.source": "https://github.com/home-assistant/core",
                "org.opencontainers.image.title": "Home Assistant",
                "org.opencontainers.image.url": "https://www.home-assistant.io/",
                "org.opencontainers.image.version": "2025.7.4"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "83a8de6d1074793a0918310ad8e7da8b757057740a90b5334ad1c5d0c40add29",
            "SandboxKey": "/var/run/docker/netns/default",
            "Ports": {},
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [],
                    "MacAddress": "",
                    "DriverOpts": null,
                    "GwPriority": 0,
                    "NetworkID": "d7607d2391c32517bd6438fe7b39e43effa894f753df173a87ba101d1cfd6103",
                    "EndpointID": "494ded555f13725049ea091ab32e5aeed58c0c4041c385356147664d276a977f",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DNSNames": null
                }
            }
        }
    }
]

sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-FORWARD  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (10 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.49          tcp dpt:8920
ACCEPT     tcp  --  anywhere             172.18.0.49          tcp dpt:8096
ACCEPT     udp  --  anywhere             172.18.0.49          udp dpt:7359
ACCEPT     udp  --  anywhere             172.18.0.49          udp dpt:ssdp
ACCEPT     tcp  --  anywhere             172.18.0.48          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.47          tcp dpt:8188
ACCEPT     tcp  --  anywhere             172.18.0.46          tcp dpt:8265
ACCEPT     tcp  --  anywhere             172.18.0.45          tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             172.18.0.45          tcp dpt:macromedia-fcs
ACCEPT     tcp  --  anywhere             172.18.0.44          tcp dpt:websm
ACCEPT     tcp  --  anywhere             172.18.0.43          tcp dpt:wap-wsp
ACCEPT     tcp  --  anywhere             172.18.0.42          tcp dpt:tmi
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40009
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40008
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40007
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40006
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40005
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40004
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40003
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40002
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:40001
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:ftp
ACCEPT     tcp  --  anywhere             172.18.0.41          tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             172.18.0.40          tcp dpt:tl1-lv
ACCEPT     tcp  --  anywhere             172.18.0.40          tcp dpt:ssh
ACCEPT     tcp  --  anywhere             172.18.0.39          tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.38          tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.37          tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.36          tcp dpt:origo-native
ACCEPT     tcp  --  anywhere             172.18.0.34          tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             172.18.0.33          tcp dpt:trivnet1
ACCEPT     tcp  --  anywhere             172.18.0.32          tcp dpt:9116
ACCEPT     tcp  --  anywhere             172.18.0.30          tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             172.18.0.29          tcp dpt:webcache
ACCEPT     tcp  --  anywhere             172.18.0.28          tcp dpt:9835
ACCEPT     tcp  --  anywhere             172.18.0.27          tcp dpt:11434
ACCEPT     tcp  --  anywhere             172.18.0.25          tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.23          tcp dpt:webcache
ACCEPT     tcp  --  anywhere             172.18.0.20          tcp dpt:webcache
ACCEPT     tcp  --  anywhere             172.18.0.19          tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.19          tcp dpt:domain-s
ACCEPT     udp  --  anywhere             172.18.0.19          udp dpt:784
ACCEPT     tcp  --  anywhere             172.18.0.19          tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.19          tcp dpt:http
ACCEPT     udp  --  anywhere             172.18.0.19          udp dpt:domain
ACCEPT     tcp  --  anywhere             172.18.0.19          tcp dpt:domain
ACCEPT     tcp  --  anywhere             172.18.0.18          tcp dpt:8429
ACCEPT     tcp  --  anywhere             172.18.0.17          tcp dpt:webcache
ACCEPT     tcp  --  anywhere             172.18.0.16          tcp dpt:webcache
ACCEPT     tcp  --  anywhere             172.18.0.15          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.14          tcp dpt:8813
ACCEPT     tcp  --  anywhere             172.18.0.13          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.12          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.11          tcp dpt:trisoap
ACCEPT     tcp  --  anywhere             172.21.0.5           tcp dpt:lnvstatus
ACCEPT     tcp  --  anywhere             172.18.0.9           tcp dpt:9980
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:irdmi
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.19.0.2           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.19.0.2           tcp dpt:http
ACCEPT     tcp  --  anywhere             10.99.16.2           tcp dpt:tungsten-https
ACCEPT     tcp  --  anywhere             10.99.16.2           tcp dpt:cslistener
ACCEPT     tcp  --  anywhere             10.99.16.2           tcp dpt:irdmi
ACCEPT     tcp  --  anywhere             172.25.0.2           tcp dpt:rrac
ACCEPT     tcp  --  anywhere             172.22.0.2           tcp dpt:hbci
ACCEPT     tcp  --  anywhere             172.18.0.7           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.6           tcp dpt:9428
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:9042
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:10300
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain DOCKER-BRIDGE (1 references)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere

Chain DOCKER-CT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain DOCKER-FORWARD (1 references)
target     prot opt source               destination
DOCKER-CT  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
DOCKER-BRIDGE  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (10 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination

After temporarily deactivating firewalld with sudo systemctl stop firewalld, the containers are reachable again

So I guess fedora-coreos has a different default configuration than ucore regarding handling network_mode: host

I'm now searching for the best method to not change a minimal set of rules to make these containers available again from the local network

Trying the command below with the interface name of the interface connected to my LAN did not do the job

sudo firewall-cmd --permanent --zone=trusted --change-interface=enp5s0
sudo firewall-cmd --reload

OK, I guess ucore has hardened firewalld settings due to being used exposed to the web mostly

I could now add my interface to zone “trusted” being only available in my local network -> WIN

See my changes below and please tell me if this is no good practice

For me the --permanent did not work this well, that’s why I added the --runtime-to-permanent command and also I had to change the default zone, since there was some kind of override (--zone=trusted was ignored and everything I changed was forced to be added to FedoraServer zone)

Thanks

I'm not an expert on this, just getting my local services working as before

Commands

sudo firewall-cmd --get-active-zones
sudo firewall-cmd --set-default-zone=trusted
sudo firewall-cmd --zone=trusted --add-interface=enp5s0
sudo firewall-cmd --runtime-to-permanent
sudo firewall-cmd --set-default-zone=FedoraServer
sudo firewall-cmd --get-active-zones

Final configuration

$ sudo firewall-cmd --get-active-zones
docker
  interfaces: br-476fa2ba26b4 br-75470d93a0ec br-84e408138b28 br-b617cbf84022 br-f0a2ae5e52f8 docker0 br-ce272f151dd0 br-e282e3d1f735 br-ec98084357e0 br-4dede3918832
trusted (default)
  interfaces: enp5s0
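For the "is this good practice" question above, an added example (not part of the original post): a check over `firewall-cmd --get-active-zones` output that flags a LAN interface in the accept-everything `trusted` zone and `trusted` as the default zone, plus a dry-run of a narrower rule set following the same runtime-then-`--runtime-to-permanent` sequence as the post. The function names are hypothetical, the sample is a shortened copy of the post's final output, and port 8123/tcp (Home Assistant's default web port) is an assumption not stated on the page.

```shell
#!/usr/bin/env bash
# Added example: audit firewalld active zones for host-network containers.
# With network_mode: host, Docker publishes no ports, so the zone of the
# host's LAN interface is the only filter in front of the service.

# Constructed sample: the post's "Final configuration", bridge list shortened.
sample_zones() {
cat <<'EOF'
docker
  interfaces: br-476fa2ba26b4 docker0
trusted (default)
  interfaces: enp5s0
EOF
}

# audit_zones: reads `firewall-cmd --get-active-zones` output on stdin.
# Prints one finding per line:
#   DEFAULT_TRUSTED       trusted is the default zone, so any interface without
#                         an explicit zone also accepts every connection
#   TRUSTED_IFACE <name>  a non-Docker interface sits in the trusted zone
audit_zones() {
  awk '
    # Zone header lines start in column 1; interface lines are indented.
    NF && substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" {
      zone = $1
      if (zone == "trusted" && $0 ~ /\(default\)/) print "DEFAULT_TRUSTED"
      next
    }
    $1 == "interfaces:" && zone == "trusted" {
      for (i = 2; i <= NF; i++)
        if ($i !~ /^(br-|docker|veth)/) print "TRUSTED_IFACE " $i
    }
  '
}

# narrow_rules ZONE IFACE PORT/PROTO...
# Dry run only: prints the commands that would move IFACE back to the
# restrictive ZONE and open just the listed ports. Nothing is executed.
narrow_rules() (
  zone=$1; iface=$2; shift 2
  printf 'firewall-cmd --zone=%s --change-interface=%s\n' "$zone" "$iface"
  for p in "$@"; do
    case $p in
      [0-9]*/tcp|[0-9]*/udp)
        printf 'firewall-cmd --zone=%s --add-port=%s\n' "$zone" "$p" ;;
      *)
        echo "invalid port spec: $p" >&2; exit 1 ;;
    esac
  done
  printf 'firewall-cmd --set-default-zone=%s\n' "$zone"
  printf 'firewall-cmd --runtime-to-permanent\n'
)

# Demo on the constructed sample.
sample_zones | audit_zones
narrow_rules FedoraServer enp5s0 8123/tcp   # 8123/tcp is an assumed port
```

On a live host, pipe the real output in with `sudo firewall-cmd --get-active-zones | audit_zones`, and list one PORT/PROTO argument per service that runs with host networking.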