
@bagnaram
Created July 9, 2020 19:07
node iptables-save
# Generated by iptables-save v1.6.1 on Thu Jul 9 19:06:19 2020
# mangle table: only the five built-in chains, each with policy ACCEPT and no
# rules, so nothing is marked or altered here. The bracketed values are the
# [packets:bytes] counters captured when the dump was taken.
*mangle
:PREROUTING ACCEPT [7091825:9493530511]
:INPUT ACCEPT [1670962:1763710139]
:FORWARD ACCEPT [5371806:7721982809]
:OUTPUT ACCEPT [1293988:139850675]
:POSTROUTING ACCEPT [6662346:7861626604]
COMMIT
# Completed on Thu Jul 9 19:06:19 2020
# Generated by iptables-save v1.6.1 on Thu Jul 9 19:06:19 2020
# nat table: address translation for three bridges (docker0 plus two br-*
# networks on 172.17/172.18/172.19) and the published container ports.
*nat
:PREROUTING ACCEPT [118:7080]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [5:420]
:POSTROUTING ACCEPT [122:7440]
:DOCKER - [0:0]
# Any packet whose destination is a local address (arriving or locally
# generated) is sent through the DOCKER chain for port-publish DNAT.
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER
# Per bridge: masquerade host-sourced traffic going out the bridge, and
# masquerade traffic from the bridge subnet leaving via any other interface.
-A POSTROUTING -o docker0 -m addrtype --src-type LOCAL -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o br-c23d4d647326 -m addrtype --src-type LOCAL -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-c23d4d647326 -j MASQUERADE
-A POSTROUTING -o br-93a0d7c8f7ef -m addrtype --src-type LOCAL -j MASQUERADE
-A POSTROUTING -s 172.19.0.0/16 ! -o br-93a0d7c8f7ef -j MASQUERADE
# Source and destination are the same container address: these match a
# container connecting back to its own published port.
-A POSTROUTING -s 172.18.0.3/32 -d 172.18.0.3/32 -p tcp -m tcp --dport 10514 -j MASQUERADE
-A POSTROUTING -s 172.18.0.9/32 -d 172.18.0.9/32 -p tcp -m tcp --dport 8443 -j MASQUERADE
-A POSTROUTING -s 172.18.0.9/32 -d 172.18.0.9/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
# Published ports. 1514 is matched only for destination 127.0.0.1.
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 1514 -j DNAT --to-destination 172.18.0.3:10514
# 443 and 80 carry no -d or -i match, so they are translated for every local
# address on the host and for any inbound interface.
# NOTE(review): confirm both ports are meant to be reachable on all host addresses.
-A DOCKER -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.0.9:8443
-A DOCKER -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.9:8080
COMMIT
# Completed on Thu Jul 9 19:06:19 2020
# Generated by iptables-save v1.6.1 on Thu Jul 9 19:06:19 2020
# filter table: INPUT and OUTPUT have no rules and policy ACCEPT, so the host
# itself is unfiltered by this ruleset. All rules below concern forwarded
# (container) traffic.
*filter
:INPUT ACCEPT [332:23028]
# NOTE(review): FORWARD policy is ACCEPT, so any forwarded packet that falls
# through every rule below is allowed. Confirm this is intended; a DROP policy
# would make the explicit ACCEPT rules the only allowed paths.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [277:142603]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
# Forwarded traffic is checked against the isolation chains first, then the
# operator chain DOCKER-USER, then the per-bridge rules.
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -j DOCKER-USER
# docker0: allow replies into the bridge, send new inbound connections to the
# DOCKER chain, allow traffic leaving the bridge for other interfaces.
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
# br-c23d4d647326: same pattern, plus traffic that stays on the bridge
# (container to container) is accepted.
-A FORWARD -o br-c23d4d647326 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-c23d4d647326 -j DOCKER
-A FORWARD -i br-c23d4d647326 ! -o br-c23d4d647326 -j ACCEPT
-A FORWARD -i br-c23d4d647326 -o br-c23d4d647326 -j ACCEPT
# br-93a0d7c8f7ef: same pattern as the bridge above.
-A FORWARD -o br-93a0d7c8f7ef -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-93a0d7c8f7ef -j DOCKER
-A FORWARD -i br-93a0d7c8f7ef ! -o br-93a0d7c8f7ef -j ACCEPT
-A FORWARD -i br-93a0d7c8f7ef -o br-93a0d7c8f7ef -j ACCEPT
# Unlike the two br-* networks, traffic that stays on docker0 is dropped
# (looks like inter-container communication is disabled there; confirm
# against the daemon configuration).
-A FORWARD -i docker0 -o docker0 -j DROP
# Accept new connections to the published container ports when they arrive
# from any interface other than the container's own bridge. There is no source
# match: these rules do not limit who may connect.
# NOTE(review): for 10514 the loopback-only restriction exists solely in the
# nat table's DNAT rule; this filter rule itself accepts from any non-bridge
# interface.
-A DOCKER -d 172.18.0.3/32 ! -i br-c23d4d647326 -o br-c23d4d647326 -p tcp -m tcp --dport 10514 -j ACCEPT
-A DOCKER -d 172.18.0.9/32 ! -i br-c23d4d647326 -o br-c23d4d647326 -p tcp -m tcp --dport 8443 -j ACCEPT
-A DOCKER -d 172.18.0.9/32 ! -i br-c23d4d647326 -o br-c23d4d647326 -p tcp -m tcp --dport 8080 -j ACCEPT
# Stage 1 selects traffic leaving one of the three bridges for a different
# interface; stage 2 drops it if that interface is another of the bridges.
# Together they block forwarding between the separate container networks.
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-c23d4d647326 ! -o br-c23d4d647326 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-93a0d7c8f7ef ! -o br-93a0d7c8f7ef -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-c23d4d647326 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-93a0d7c8f7ef -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
# DOCKER-USER holds only RETURN: no operator-defined restrictions are in
# place. Because published-port traffic is DNATed and then forwarded, INPUT
# rules would not see it; source restrictions for ports 80/443 belong here.
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Thu Jul 9 19:06:19 2020