Description
@yongshin commented
The customer was frustrated because he didn't understand how Docker natively changes your iptables config: https://docs.docker.com/engine/userguide/networking/default_network/container-communication/#communicating-to-the-outside-world. It is possible to run Docker without changing iptables, but I don't know if it's possible to do for UCP. Either way, the customer wishes this assumption that Docker will change your iptables config is documented:
I just reinstalled UCP on cloud01 again. Later, I realized that Docker, or UCP, will dynamically add firewall rules to the firewall. I realized that if I restart iptables/Netfilter, iptables will also remove any Firewall rules, which will lead to connectivity issues. As a workaround, I need to make sure that I restart the Docker daemon after iptables is restarted, every time.
The same thing can be said with firewalld since firewalld uses iptables underneath the hood.
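A way to detect the state described in this issue before it causes connectivity problems, as an added example that is not part of the original comment or of Docker's tooling: it inspects `iptables-save` output for the chains Docker creates. The function and sample names are hypothetical, the sample rulesets are constructed, and it assumes Docker's default setup, which declares a `DOCKER` chain in the `nat` and `filter` tables.

```shell
# Assumption: with default settings Docker declares a DOCKER chain in both
# the nat and filter tables; their absence means its rules were flushed.

# Reads `iptables-save` output on stdin, prints each missing table:chain,
# and returns 1 if any is missing (0 when all are present).
docker_chains_missing() {
    awk '
        /^\*/ { table = substr($1, 2) }                  # "*nat" -> nat
        /^:/  { seen[table ":" substr($1, 2)] = 1 }      # ":DOCKER - [0:0]"
        END {
            n = split("nat:DOCKER filter:DOCKER", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; missing = 1 }
            exit missing + 0
        }'
}

# Constructed sample: ruleset while Docker's rules are loaded.
sample_with_docker() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF
}

# Constructed sample: ruleset just after the iptables service restarted.
sample_after_restart() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# On a live host (root required), restart Docker only when chains are gone:
# iptables-save | docker_chains_missing >/dev/null || systemctl restart docker
```

Run from a timer or a monitoring check, the commented last line applies the workaround from the issue only when the chains are actually missing.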