Docker: custom iptables rules in the DOCKER-USER chain
The chain's default rule appears to be a plain RETURN. I don't know whether I am allowed to remove that entry, so for now I'll keep prepending my own rules in front of it.
#!/bin/sh
# Each rule is inserted at position 1, so the last command below ends up at the top of the chain:
# RELATED,ESTABLISHED -> allowed public IP -> allowed MAC -> DROP -> Docker's default RETURN.
iptables -I DOCKER-USER 1 -j DROP
iptables -I DOCKER-USER 1 -p tcp -m tcp -m mac --mac-source XX:XX:XX:XX:XX:XX -m state --state NEW -j RETURN -m comment --comment "Johns phone"
iptables -I DOCKER-USER 1 -p tcp -m tcp -s XXX.XXX.XXX.XXX -m state --state NEW -j RETURN -m comment --comment "Johns public ip"
iptables -I DOCKER-USER 1 -p tcp -m state --state RELATED,ESTABLISHED -j RETURN
I stored these commands in /etc/network/docker-iptables.sh and made it executable.
Next, determine which init system your machine uses:
sudo stat /proc/1/exe
In my case this shows systemd.
I then edited the docker.service unit file at /lib/systemd/system/docker.service and added the following line after the ExecStart= line:
ExecStartPost=/etc/network/docker-iptables.sh
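An idempotent version of the same script, as an added example (not the post's own file): it checks each rule with iptables -C before inserting, so re-running it on every docker.service restart does not stack duplicate rules, and it only touches the firewall when called with the argument apply (the unit line would then read ExecStartPost=/etc/network/docker-iptables.sh apply). The IP, the MAC and the IPTABLES override variable are placeholders and assumptions.

```shell
#!/bin/sh
# Idempotent DOCKER-USER rule script (constructed example, not the post's own script).
# ALLOWED_IP and PHONE_MAC are placeholders; IPTABLES can point at a stub for dry runs.
set -eu

IPTABLES="${IPTABLES:-iptables}"
ALLOWED_IP="${ALLOWED_IP:-203.0.113.10}"        # placeholder public IP (TEST-NET-3)
PHONE_MAC="${PHONE_MAC:-02:00:00:00:00:01}"     # placeholder locally administered MAC

# ensure_rule CHAIN RULE...: prepend RULE to CHAIN unless an identical rule is
# already there. `iptables -C` exits non-zero when no such rule exists, so a
# re-run (docker.service restarts run ExecStartPost again) adds no duplicates.
ensure_rule() {
    chain=$1; shift
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I "$chain" 1 "$@"
}

# Every rule is inserted at position 1, so they are listed last-to-first.
# The resulting chain reads, top-down: established traffic, the public IP,
# the phone's MAC, then DROP, then Docker's own default RETURN at the bottom.
apply_docker_user_rules() {
    ensure_rule DOCKER-USER -j DROP
    ensure_rule DOCKER-USER -p tcp -m mac --mac-source "$PHONE_MAC" \
        -m state --state NEW -m comment --comment "Johns phone" -j RETURN
    ensure_rule DOCKER-USER -p tcp -s "$ALLOWED_IP" \
        -m state --state NEW -m comment --comment "Johns public ip" -j RETURN
    ensure_rule DOCKER-USER -p tcp -m state --state RELATED,ESTABLISHED -j RETURN
}

# Only touch the firewall when explicitly asked, e.g.
#   ExecStartPost=/etc/network/docker-iptables.sh apply
# If dockerd has not created DOCKER-USER yet, iptables fails and set -e aborts
# the script, which makes the unit start fail instead of silently leaving the
# chain without the DROP.
case "${1:-}" in
    apply) apply_docker_user_rules ;;
esac
```

Because DOCKER-USER is traversed by all forwarded traffic, the trailing DROP also stops new connections that containers initiate outward; restricting the DROP to the host's external interface with -i <ext_if> is the usual way to limit it to inbound traffic.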