If you have Docker installed on the same machine as your Gateway (or if you deployed Defguard using the one-line installation script) the firewall may not work properly due to Docker firewall rules interfering with your ACL rules. 
210
+
211
+
To verify this, execute `nft list ruleset` (may require sudo) on the machine on which your Gateway is installed:
212
+
213
+
```
214
+
table ip filter {
215
+
[...]
216
+
chain FORWARD {
217
+
type filter hook forward priority filter; policy drop;
If you have a FORWARD chain (managed by Docker) that has a default policy of drop and filter priority, this chain will interfere with Defguard rules (accept policy shouldn't be a problem).
226
+
227
+
To fix this, set the [Defguard firewall priority](https://docs.defguard.net/features/access-control-list/firewall-internals#forward-chain-priority) to -1. This will make Defguard rules run before Docker rules.
228
+
229
+
Running `nft list ruleset` on the machine should then result in the following:
230
+
231
+
```
232
+
table ip filter {
233
+
[...]
234
+
chain FORWARD {
235
+
type filter hook forward priority filter; policy drop;
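Review bot: The "should then result in the following" listing opens with the same lines as the "before" listing, `chain FORWARD {` followed by `type filter hook forward priority filter; policy drop;`, so a reader comparing the two cannot tell from these lines what changed once the priority is set to -1. Call out the line to look for (the Defguard chain and its priority value) in a sentence before the listing, or trim the `[...]` so the changed chain comes first. The paragraph above says a drop-policy FORWARD chain at filter priority interferes while an accept policy "shouldn't be a problem", but it does not say why running the Defguard rules first resolves the conflict; one sentence on how the two chains' verdicts combine would let readers judge whether the fix applies to their setup. It would also help to state the symptom behind "may not work properly" (ACL rules not enforced, or traffic blocked) and to write the command as `sudo nft list ruleset` rather than noting that sudo may be required.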