updates for shorewall configs

Signed-off-by: Jessica Frazelle <acidburn@docker.com>

shorewall/etc/interfaces

@@ -11,5 +11,5 @@
 ###############################################################################
 #ZONE		INTERFACE		OPTIONS
 -           lo              ignore
-dock        docker0
+dock        docker0         bridge
-net         all             dhcp,physical=+,routeback
+net         all             dhcp,physical=+

shorewall/etc/masq

@@ -9,5 +9,4 @@
 ################################################################################################################
 #INTERFACE:DEST		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK	USER/	SWITCH	ORIGINAL
 #											GROUP		DEST
-#eth0                172.17.0.0/16
+#net               172.17.0.0/16
-#wlan0               172.17.42.1/24

shorewall/etc/policy

@@ -9,9 +9,11 @@
 ###############################################################################
 #SOURCE	        DEST        POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
-dock            all         ACCEPT
+dock            net         ACCEPT
-# on a server you would obviously want to accept
+dock            fw          ACCEPT
+
 net             dock        DROP
 net             all         DROP
+
 fw              net         ACCEPT
 fw              dock        ACCEPT

shorewall/etc/rules

@@ -16,7 +16,8 @@
 ?SECTION UNTRACKED
 ?SECTION NEW
 Invalid(DROP)   net     $FW     tcp
-# on a server you would obiously want to accept here
+Invalid(DROP)   net     dock    tcp
-SSH(DROP)     net     $FW
+Invalid(DROP)   net     dock    udp
+#SSH(ACCEPT)       net     $FW
 # on a server you would obviously want to accept here
-Ping(DROP)    net     $FW
+#Ping(ACCEPT)      net     $FW