Symptoms
- After updating Plesk to 18.0.67.3, Docker connections to external IPs are blocked.
- Ping from a Docker container to an external IP does not work, while ping to an internal IP does.
- The following Docker package is installed on the server:
# dpkg-query --list | grep docker-ce
ii docker-ce 5:28.0.0-1~ubuntu.22.04~jammy arm64
ii docker-ce-cli 5:28.0.0-1~ubuntu.22.04~jammy arm64
Cause
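In Docker version 28.0.0, Docker's networking setup appended its rules to the end of the iptables FORWARD chain, after the DROP rule. Since iptables evaluates a chain in order, forwarded container traffic hits DROP before the ACCEPT rules for the Docker bridges: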
-A FORWARD -j DROP
-A FORWARD -i br-c5a345a92ad7 -j ACCEPT
-A FORWARD -i docker0 -j ACCEPT
-A FORWARD -i br-353937b03a8c -j ACCEPT
This was previously reported as Plesk bug https://webpros.atlassian.net/browse/EXTPLESK-8001, but it turned out that there is no issue on the Plesk side (Docker/Firewall extensions); see the details in the bug report.
Resolution
The issue was fixed in Docker 28.0.1, so update the Docker packages to that version:
- Connect to the server via SSH.
- Update the Docker packages:
# apt install --only-upgrade docker-ce docker-ce-cli docker-compose-plugin
- Re-create the firewall rules using Plesk Firewall (if it is in use):
# plesk ext firewall --disable -auto-confirm-this-may-lock-me-out-of-the-server
# plesk ext firewall --enable -auto-confirm-this-may-lock-me-out-of-the-server
Warning: The containers will be restarted.
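To check for the rule order described under Cause, before or after the update, the following added example (not part of the original article and not Docker or Plesk tooling) scans `iptables -S FORWARD` output for rules that follow an unconditional `-j DROP`. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag FORWARD rules that sit after a catch-all DROP.
# Reads `iptables -S FORWARD` style lines on stdin and prints each rule that
# can never match. Exit status: 0 = none found, 1 = at least one found.
find_shadowed_forward_rules() {
    awk '
        # Only rules appended to the FORWARD chain are relevant (skips -P, -N).
        $1 != "-A" || $2 != "FORWARD" { next }
        # After a catch-all DROP, every later rule in the chain is unreachable.
        dropped { print "shadowed: " $0; shadowed++; next }
        # "-A FORWARD -j DROP" with no match criteria drops everything.
        NF == 4 && $3 == "-j" && $4 == "DROP" { dropped = 1 }
        END { exit (shadowed > 0) }
    '
}

# Constructed sample: the rule order shown under Cause, plus a policy line.
sample_broken() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -j DROP
-A FORWARD -i br-c5a345a92ad7 -j ACCEPT
-A FORWARD -i docker0 -j ACCEPT
-A FORWARD -i br-353937b03a8c -j ACCEPT
EOF
}

# Constructed sample: an ordering in which the ACCEPT rule precedes the DROP.
sample_fixed() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i docker0 -j ACCEPT
-A FORWARD -j DROP
EOF
}

# Demo on the constructed input. On a live server, run as root:
#   iptables -S FORWARD | find_shadowed_forward_rules
sample_broken | find_shadowed_forward_rules \
    || echo "ACCEPT rules found after the catch-all DROP"
```

The check only looks at rule order inside FORWARD itself; it does not follow jumps into other chains.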