While FirewallD is running, all DNS queries fail and are blocked by the firewall. Running tcpdump -i docker0 while running ping google.com in a container shows me
21:27:02.683342 IP 172.17.0.2.35118 > google-public-dns-a.google.com.domain: 54430+ AAAA? google.com. (28)
21:27:02.683399 IP 172.17.0.1 > 172.17.0.2: ICMP host google-public-dns-a.google.com unreachable - admin prohibited filter, length 64
Pinging 8.8.8.8 for instance, or any other absolute IP, works fine.
If I explicitly add docker0 or 172.17.0.0/16 to the trusted zone, the requests go through. However, another one of my machines on the same distribution (openSUSE Tumbleweed) works fine.
I've torn through my FirewallD config, and there is no mention of either that subnet or the docker0 interface. I'm really not sure what's going on nor where to look. You can find my active FirewallD rules below.
sudo firewall-cmd --get-active-zones
public
sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp4s0
sources:
services: dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
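As an added check (example code, not part of the question), a small POSIX sh script that parses `firewall-cmd --zone=<zone> --list-all` output in the format shown above and reports whether a zone binds docker0 or 172.17.0.0/16 and whether its target, services or ports would let DNS through; the trusted-zone listing is constructed and the field layout it parses is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: parse the text of
# `firewall-cmd --zone=<zone> --list-all` to see whether a zone binds an
# interface/source and whether it would let DNS out. Checked offline on strings.

field() {  # $1: listing, $2: field name -> value after "name:" (may be empty)
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

has_word() {  # $1: space-separated list, $2: word -> 0 if present
    for w in $1; do [ "$w" = "$2" ] && return 0; done
    return 1
}

zone_binds() {  # $1: listing, $2: interface name or CIDR -> 0 if bound to zone
    has_word "$(field "$1" interfaces)" "$2" || has_word "$(field "$1" sources)" "$2"
}

zone_allows_dns() {  # $1: listing -> 0 if DNS is accepted; 1 means it hits the zone's default reject
    [ "$(field "$1" target)" = "ACCEPT" ] && return 0   # e.g. the trusted zone
    has_word "$(field "$1" services)" dns && return 0
    has_word "$(field "$1" ports)" 53/udp && return 0
    has_word "$(field "$1" ports)" 53/tcp && return 0
    return 1
}

dns_verdict() {  # $1: listing, $2: interface -> one-line summary
    name=$(printf '%s\n' "$1" | head -n 1 | cut -d' ' -f1)
    zone_binds "$1" "$2" && b="binds" || b="does not bind"
    zone_allows_dns "$1" && d="allows DNS" || d="rejects DNS"
    echo "zone $name $b $2 and $d"
}

# Constructed listings: the questioner's public zone (fields not needed here
# omitted) and a hypothetical trusted zone with docker0 added as in the post.
PUBLIC_ZONE='public (active)
  target: default
  interfaces: wlp4s0
  sources:
  services: dhcpv6-client
  ports:'
TRUSTED_ZONE='trusted (active)
  target: ACCEPT
  interfaces: docker0
  sources: 172.17.0.0/16
  services:
  ports:'

dns_verdict "$PUBLIC_ZONE" docker0    # zone public does not bind docker0 and rejects DNS
dns_verdict "$TRUSTED_ZONE" docker0   # zone trusted binds docker0 and allows DNS
```

On a live host, feed it `firewall-cmd --zone="$(firewall-cmd --get-default-zone)" --list-all` to see which zone container traffic actually falls into.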