Skip to content

v1.2.0
Compare
Choose a tag to compare
@github-actions github-actions released this 13 Jul 19:54
1.2.0
This tag was signed with the committer’s verified signature.
pitkley Pit
GPG key ID: 78CEE08B0377C481
Learn about vigilant mode.
71cc64b
This commit was signed with the committer’s verified signature.
pitkley Pit
GPG key ID: 78CEE08B0377C481
Learn about vigilant mode.

Summary

This release reintroduces an iptables-based firewall-backend. This means that if you previously didn't upgrade from DFW v0.5 to v1.0 because you didn't want to switch to nftables, now you can upgrade to v1.2 and continue using iptables.

Please consult the documentation on how to upgrade from a previous release of DFW to v1.2:

Changes

1.2.0 (2020-07-13)

  • Reintegrate the iptables-backend.

    This reintroduces an iptables-based firewall-backend (v1.0 initially dropped iptables-support), specifically the iptables-restore backend that was made available in v0.4+.

    The backend can be selected through the --firewall-backend iptables CLI parameter (nftables is the default).

  • Make exposing containers via IPv6 configurable.

    You can now specify the expose_via_ipv6-key within a wider-world-to-container-rule to configure whether the service should be exposed via IPv6 or not (the default is true).

    (Please note that further requirements need to be fulfilled such that exposing services via IPv6 to works, see here.)

  • Ensure consistent behaviour regardless of whether [global_defaults] has been specified or not.

    Previously DFW showed different behaviour depending on whether global_defaults was specified or not, regardless of the actual content within the section (which was allowed to be empty).
    This release ensures that the same behaviour is maintained no matter if the section was defined or not.

  • Don't exit DFW if there are no containers running (#243, thanks to @Georgiy-Tugai).

Internal changes: dependency updates, move CI entirely to GitHub Actions.

Installation

While you can use Cargo to install dfw as a binary, using the Docker image is the preferred way to go, especially if you don't want to install Rust and Cargo on your host:

$ docker pull pitkley/dfw:1.2.0
$ docker run -d \
      --name=dfw \
      --restart=unless-stopped \
      -v /var/run/docker.sock:/var/run/docker.sock:ro \
      -v /path/to/your/config:/config \
      --net host --cap-add=NET_ADMIN \
      pitkley/dfw:1.2.0 --config-path /config

This will download a lightweight image, coming in at under 10 MB, and subsequently run it using your configuration.

Assets 4
Loading