
Docker custom iptables in docker-user chain

December 19th, 2017

The default rule seems to be to return from the chain. I don’t know if I am allowed to remove this entry, so for now I’ll keep prepending my own rules.

iptables -I DOCKER-USER 1 -j DROP
iptables -I DOCKER-USER 1 -p tcp -m tcp -m mac --mac-source XX:XX:XX:XX:XX:XX -m state --state NEW -j RETURN -m comment --comment "Johns phone"
iptables -I DOCKER-USER 1 -p tcp -m tcp -s XXX.XXX.XXX.XXX -m state --state NEW -j RETURN -m comment --comment "Johns public ip"
iptables -I DOCKER-USER 1 -p tcp -m state --state RELATED,ESTABLISHED -j RETURN

I stored these commands in /etc/network/docker-iptables.sh and made it executable.
Next, determine which init system your machine is using:

sudo stat /proc/1/exe

In my case this shows systemd, so I edited the unit file /lib/systemd/system/docker.service
and added the following line after the ExecStart line:

  ExecStartPost=/etc/network/docker-iptables.sh
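The same four rules as a complete, re-runnable script, added here as an example (it is not the post's own file). Because ExecStartPost runs on every docker restart, the script deletes earlier copies of each rule before prepending it again, checks that dockerd has already created the DOCKER-USER chain, and only applies anything when called with an `apply` argument (so the unit line becomes `ExecStartPost=/etc/network/docker-iptables.sh apply`); the MAC, IP and comments are the post's placeholders.

```shell
#!/bin/sh
# /etc/network/docker-iptables.sh  (added example; MAC and IP are placeholders)
# Rebuilds the four DOCKER-USER rules from the post. Earlier copies of each rule
# are removed first, so running this on every docker restart does not stack
# duplicate rules in the chain.
set -eu

IPT="${IPT:-iptables}"                              # overridable with a stub for testing
TRUSTED_MAC="${TRUSTED_MAC:-XX:XX:XX:XX:XX:XX}"     # placeholder: Johns phone
TRUSTED_IP="${TRUSTED_IP:-XXX.XXX.XXX.XXX}"         # placeholder: Johns public ip

# Delete every existing copy of this exact rule, then insert it at the top.
# The order of the add_rule calls therefore fixes the final chain order.
add_rule() {
    while "$IPT" -D DOCKER-USER "$@" 2>/dev/null; do :; done
    "$IPT" -I DOCKER-USER 1 "$@"
}

apply_rules() {
    # dockerd creates DOCKER-USER at startup; fail loudly if it is not there yet.
    if ! "$IPT" -S DOCKER-USER >/dev/null 2>&1; then
        echo "DOCKER-USER chain not found; is dockerd running?" >&2
        return 1
    fi
    # Same sequence as the post: the catch-all DROP goes in first and each
    # exception is prepended above it. DOCKER-USER sees all forwarded traffic,
    # so this also drops connections started *by* containers unless their
    # source is listed here; restrict the DROP with "-i <external interface>"
    # if containers need outbound access.
    add_rule -j DROP
    add_rule -p tcp -m mac --mac-source "$TRUSTED_MAC" -m conntrack --ctstate NEW \
        -j RETURN -m comment --comment "Johns phone"
    add_rule -p tcp -s "$TRUSTED_IP" -m conntrack --ctstate NEW \
        -j RETURN -m comment --comment "Johns public ip"
    add_rule -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
}

# Only touch the firewall when invoked as
#   ExecStartPost=/etc/network/docker-iptables.sh apply
# so the file can also be sourced to reuse add_rule / apply_rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Editing /lib/systemd/system/docker.service in place works, but the file is replaced on the next package upgrade; a drop-in under /etc/systemd/system/docker.service.d/ survives upgrades. Either way, run `systemctl daemon-reload` before restarting docker.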