Last active April 13, 2020 14:37
IP table rules for Cloudflare access only with Docker
# Adapted from:
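# Create a PRE_DOCKER chain
iptables -N PRE_DOCKER
# Default action. Every later rule uses -I (insert at the top), so this DROP ends up last in the chain.
iptables -I PRE_DOCKER -j DROP
# Docker containers public access: accept only the listed source ranges on eth0.
# The list URL is missing from this page; set CF_IPS_URL to Cloudflare's published IPv4 range list.
# -f makes curl fail on an HTTP error instead of handing the error page to iptables.
for i in $(curl -fsS "${CF_IPS_URL:?set CF_IPS_URL to the Cloudflare IP range list}"); do iptables -I PRE_DOCKER -i eth0 -s "$i" -j ACCEPT; done
# Docker internal use
iptables -I PRE_DOCKER -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 ! -o docker0 -j ACCEPT
iptables -I PRE_DOCKER -m state --state RELATED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 -o docker0 -j ACCEPT
# Finally, jump to the PRE_DOCKER chain ahead of Docker's own DOCKER chain in the FORWARD chain.
iptables -I FORWARD -o docker0 -j PRE_DOCKER
# Persist the rules across reboots
netfilter-persistent save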
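
The for loop in the script passes whatever curl returns straight to iptables, and the chain ends in DROP, so an empty or malformed download either leaves no ACCEPT rules or feeds junk to iptables. The following is an added example, not part of the gist: it validates the fetched list and only prints rules when every line is a strict IPv4 CIDR. The function names is_ipv4_cidr and build_accept_rules are hypothetical.

```sh
#!/bin/sh
# Added example (not from the gist). Function names are hypothetical.

# Succeeds only for a strict IPv4 CIDR: a.b.c.d/n, octets 0-255, prefix 0-32,
# no leading zeros. Bare addresses without a prefix are rejected.
is_ipv4_cidr() {
  case $1 in
    ''|*/*/*|*[!0-9./]*) return 1 ;;
    */*) ;;
    *) return 1 ;;
  esac
  addr=${1%/*}; prefix=${1#*/}
  case $prefix in ''|0?*|???*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  case $addr in *.) return 1 ;; esac      # a trailing dot would vanish when splitting
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Reads candidate ranges on stdin and prints one iptables command per range.
# All or nothing: one bad line or an empty list prints no rules and returns 1.
build_accept_rules() {
  iface=${1:-eth0}
  rules=
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                     # tolerate CRLF line endings
    [ -n "$line" ] || continue
    if ! is_ipv4_cidr "$line"; then
      echo "refusing list, bad entry: $line" >&2
      return 1
    fi
    rules="${rules}iptables -I PRE_DOCKER -i $iface -s $line -j ACCEPT
"
  done
  [ -n "$rules" ] || { echo "refusing list: no ranges" >&2; return 1; }
  printf '%s' "$rules"
}
```

Pipe the downloaded list into build_accept_rules, review the printed commands, and run them only when the function returns 0.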