Implementation as specified in rfxn#38 (comment) but don't really wor…

…k. Commit it here for the work done

files/conf.apf

@@ -566,6 +566,10 @@ LOG_APF="/var/log/apf_log"
 IPT_LOCK_SUPPORT="0"
 IPT_LOCK_TIMEOUT="3"
 
+# support for docker. when apf start, docker will be restart. Because docker 
+# rules are adhoc and change as container start/stop.
+SET_DOCKER="0"
+
 ##
 # [Import misc. conf]
 ##

files/firewall

@@ -350,3 +350,16 @@ if [ "$USE_IPV6" == "1" ]; then
         $IP6T -A INPUT -p udp -j $UDP_STOP
         $IP6T -A INPUT -p all -j $ALL_STOP
 fi
+
+# Restoring Docker rules if exists
+if [ "$SET_DOCKER" == "1" ]; then
+        eout "{glob} restoring docker rules if exists"
+        if [ -f "$INSTALL_PATH/internals/.docker.filter" ]; then
+            eout "{docker} restoring docker table filter"
+            $IPTR -c -n < "$INSTALL_PATH/internals/.docker.filter"
+        fi
+        if [ -f "$INSTALL_PATH/internals/.docker.nat" ]; then
+            eout "{docker} restoring docker table nat"
+            $IPTR -c -n < "$INSTALL_PATH/internals/.docker.nat"
+        fi
+fi

files/internals/functions.apf

@@ -232,6 +232,18 @@ if [ "$SET_FASTLOAD" == "1" ] && [ ! "$1" == "1" ] && [ ! "$DEVEL_ON" == "1" ] &
 	$IPTS > $INSTALL_PATH/internals/.apf.restore
 	eout "{glob} fast load snapshot saved"
 fi
+# saving existing docker rules if exists
+if [ "$SET_DOCKER" == "1" ]; then
+	eout "{glob} saving docker rules if exists"
+	$IPTS -t filter | egrep "filter|FORWARD|DOCKER|docker|COMMIT" > "$INSTALL_PATH/internals/.docker.filter"
+	if [ -s "$INSTALL_PATH/internals/.docker.filter" ]; then
+	    eout "{docker} saved docker table filter"
+	fi
+	$IPTS -t nat | egrep "\*nat|DOCKER|docker|COMMIT" > "$INSTALL_PATH/internals/.docker.nat"
+	if [ -s "$INSTALL_PATH/internals/.docker.nat" ]; then
+	    eout "{docker} saved docker table nat"
+	fi
+fi
 if [ ! "$1" = "1" ]; then
 	eout "{glob} flushing & zeroing chain policies"
 fi