Fedora 26, docker, & firewalld zones/services configuration issues
I've been trying to learn and work with docker. On first install it works using basic instructions from docs.docker.com. And then it breaks after a reboot, which I believe is part of the typical Linux learning cycle :)
# journalctl -u firewalld.service
WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -n -L DOCKER' failed: Ad nauseam.
Which leads to a deeper dive into firewalld and its relationship with the system. After much exploring, and editing all the corrupted *.conf, *.xml files in /etc/firewalld & its subdirectories, I set the default zone to public, check if it's active, then recheck after connecting to wifi:
firewall-cmd --get-active-zones:
FedoraServer
  interfaces: docker_gwbridge
public
  interfaces: wlan0
Now it shows 2 active zones after connection. My docker interfaces & services keep jumping around in different zones, which I believe is related to servicehelpers autoconfiguring through NetworkManager, and the confusion between iptables & ebtables states every time a new container is created and destroyed. This suggests that all zones are indeed in use at all times, or during the times that servicehelpers reconfigure them, which is often when playing with docker & its many configurations. But my limited understanding of firewalls (past Ubuntu user) is that a "zone", i.e. Public; Home; Server, is chosen as a single default entity, and then all services, ports etc. are placed & nested within it.
Could someone please explain the concept behind zones: are they singular in nature on a per-network-interface basis; are they loaded dynamically by servicehelpers and active in multiples (i.e. FedoraServer AND public)? How & where do I find the scripts that NetworkManager uses to autoconfigure and load both zones?
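The active-zones output quoted above, turned into a per-interface table that shows which bindings sit outside the default zone; this is an added example and not part of the original post. It assumes the usual `firewall-cmd --get-active-zones` layout (zone name on an unindented line, indented `interfaces:` / `sources:` lines beneath it), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Each function reads the
# output of `firewall-cmd --get-active-zones` on stdin.

# zone_bindings: print one "kind name zone" line per bound interface/source.
zone_bindings() {
    awk '
        /^[^ \t]/ { zone = $1; next }            # unindented line = zone name
        /^[ \t]+(interfaces|sources):/ {
            kind = $1; sub(/s:$/, "", kind)      # "interfaces:" -> "interface"
            for (i = 2; i <= NF; i++) print kind, $i, zone
        }
    '
}

# outside_default DEFAULT_ZONE: keep only bindings whose zone differs from
# the default, i.e. those explicitly assigned to another zone.
outside_default() {
    zone_bindings | awk -v d="$1" '$3 != d'
}

# Constructed sample: the two active zones reported in the post.
sample_output() {
    printf '%s\n' 'FedoraServer' '  interfaces: docker_gwbridge' \
                  'public' '  interfaces: wlan0'
}

# Live use (assumes firewalld is running):
#   firewall-cmd --get-active-zones | \
#       outside_default "$(firewall-cmd --get-default-zone)"
```

An interface is bound to one zone at a time, so several zones can be active at once; the default zone only applies to interfaces that have no explicit binding.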
How did you install docker?