Merge "Disable Docker iptables and bridge networking by default"

ansible/group_vars/all.yml

@@ -103,7 +103,7 @@ docker_runtime_directory: ""
 docker_client_timeout: 120
 
 # Docker networking options
-docker_disable_default_iptables_rules: "no"
+docker_disable_default_iptables_rules: "yes"
 docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"
 
 # Retention settings for Docker logs

releasenotes/notes/disable-docker-iptables-bridge-493feb35cba4c405.yaml

@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    Docker iptables manipulation and bridge networking are now disabled by
+    default. This avoids problems that may be caused by Docker settings the
+    default policy of the ``FORWARD`` chain in the ``filter`` table to
+    ``DROP``. To revert to the previous behaviour, set
+    ``docker_disable_default_iptables_rules`` to ``no``. This sets the default
+    of ``docker_disable_default_network``.