@TommyStarK
Last active August 11, 2019 16:53
Docker container_iptables
# note: -I inserts at the top of the chain, so the rules below end up in
# reverse order and the DROP is evaluated last
# drop all inbound packets for this specific interface
$ iptables -I DOCKER-USER -i $interface -j DROP
# allow outbound packets for this specific interface
$ iptables -I DOCKER-USER -o $interface -j ACCEPT
# accept inbound packets for this specific interface as long as
# a connection has already been made
$ iptables -I DOCKER-USER -i $interface -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow inbound packets from IP $arg for this specific interface
$ iptables -I DOCKER-USER -i $interface -s $arg -j ACCEPT
# allow outbound packets toward $arg for this specific interface as long as
# a connection has already been made
$ iptables -I DOCKER-USER -o $interface -d $arg -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# check new rules
$ iptables -S DOCKER-USER
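
Running the commands above a second time inserts duplicates and puts a fresh DROP above the existing ACCEPT rules. The script below is an added example, not part of the original gist: it re-applies the same five rules so that each appears once and the DROP stays last. `reinsert_rule` and `lockdown_interface` are hypothetical helper names, the `conntrack` match is used for both connection-state rules, and it is assumed to run as root.

```sh
#!/bin/sh
# Added example, not part of the original gist.
# reinsert_rule and lockdown_interface are hypothetical helper names.

# Remove every existing copy of a rule, then insert it at the top of
# DOCKER-USER. `iptables -C` exits non-zero once no matching rule is left.
reinsert_rule() {
    while iptables -C DOCKER-USER "$@" 2>/dev/null; do
        iptables -D DOCKER-USER "$@" || return 1
    done
    iptables -I DOCKER-USER "$@"
}

# Usage: lockdown_interface <interface> <allowed-ip>
lockdown_interface() {
    if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: lockdown_interface <interface> <allowed-ip>" >&2
        return 2
    fi
    interface=$1
    arg=$2
    # -I prepends, so the catch-all DROP goes in first and ends up last.
    # Not atomic: rules are briefly missing or out of order while this runs.
    reinsert_rule -i "$interface" -j DROP &&
    reinsert_rule -o "$interface" -j ACCEPT &&
    reinsert_rule -i "$interface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    reinsert_rule -i "$interface" -s "$arg" -j ACCEPT &&
    reinsert_rule -o "$interface" -d "$arg" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
    iptables -S DOCKER-USER
}
```

Source the file and call `lockdown_interface <interface> <allowed-ip>`; the final `iptables -S DOCKER-USER` prints the resulting chain so the order can be checked.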