diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index ae5a2e9ef..eb967cb86 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -874,6 +874,7 @@ sub initialize( $;$$) {
WORKAROUNDS => undef ,
LEGACY_RESTART => undef ,
RESTART => undef ,
+ DOCKER => undef ,
#
# Packet Disposition
#
@@ -5857,6 +5858,7 @@ sub get_configuration( $$$$ ) {
default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes';
+ default_yes_no 'DOCKER' , '';
if ( supplied( $val = $config{RESTART} ) ) {
fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/;
diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index d58440ca3..f32ff204d 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -146,6 +146,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
+DOCKER=No
+
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index 456a117db..ac80e41a5 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
+DOCKER=No
+
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index 57787f0a2..4d5492ef8 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -154,6 +154,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
+DOCKER=No
+
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index 2384f6613..c06e403e9 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
+DOCKER=No
+
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 729a3b2a6..7d4386a2b 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -150,6 +150,8 @@ DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index b85c2cbfd..66af8cdc8 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -733,6 +733,19 @@
+
+ DOCKER=[Yes|No]
+
+
+ Added in Shorewall 5.0.6. When set to Yes, the generated
+ script will save Docker-generated rules before and restore them
+ after executing the start, reload and restart commands. If set to No
+ (the default), the generated script will delete any Docker-generated
+ rules when executing those commands.
+
+
+
DONT_LOAD=[module[,module]...]
@@ -763,8 +776,8 @@
Normally, when the SOURCE or DEST columns in
shorewall-policy(5) contains 'all', a single policy chain is created
- and the policy is enforced in that chain. For example, if the policy
- entry is#SOURCE DEST POLICY LOG
+ and thes policy is enforced in that chain. For example, if the
+ policy entry is#SOURCE DEST POLICY LOG
# LEVEL
net all DROP infothen the chain name is 'net-all'
('net2all if ZONE2ZONE=2) which is also the chain named in Shorewall
diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf
index 766db678a..a168064e5 100644
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf
index 8d13446d3..fc0f222d4 100644
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@@ -140,6 +140,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
index 046ac3a04..7b4c570fb 100644
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
index e80e8844c..437234ff9 100644
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf
index 628a028ec..c7a23a009 100644
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml
index 29a734401..f1e8ed43b 100644
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -611,6 +611,19 @@
+
+ DOCKER=[Yes|No]
+
+
+ Added in Shorewall 5.0.6. When set to Yes, the generated
+ script will save Docker-generated rules before and restore them
+ after executing the start, reload and restart commands. If set to No
+ (the default), the generated script will delete any Docker-generated
+ rules when executing those commands.
+
+
+
DONT_LOAD=[module[,module]...]