@bodik
Last active September 5, 2023 14:51
restrict access to docker services running in a vagrant box to the perimeter network

docker publishes container ports through its own FORWARD rules, which bypass the host's INPUT chain; DOCKER-USER is the chain docker evaluates first in FORWARD and leaves alone when the daemon restarts, so the allowlist of perimeter networks hangs there. INPUT for the box itself is not fully handled (the v6 file has no INPUT rules at all).

# cat /etc/iptables/rules.v4
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun  5 13:36:08 2023
*filter
:INPUT ACCEPT [5:208]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [170:16192]
:DOCKER-USER - [0:0]
:HOMENETS - [0:0]
# traffic to the box itself arriving on the perimeter interface eth1
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# the original jumped to FLABNETS, a chain this file never declares; iptables-restore
# aborts the whole table on that line, so the jump goes to the declared HOMENETS chain
-A INPUT -i eth1 -j HOMENETS

# traffic to published container ports: docker's FORWARD rules evaluate DOCKER-USER
# before anything else, and the host INPUT rules above never see it
-A DOCKER-USER -m state --state RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i eth1 -j HOMENETS

# allowlist of perimeter networks (prefixes redacted as XXXX in the original);
# everything else arriving on eth1 is dropped
-A HOMENETS -s XXXX/26 -j ACCEPT
-A HOMENETS -s XXXX/26 -j ACCEPT
-A HOMENETS -j DROP
COMMIT
# Completed on Mon Jun  5 13:36:08 2023
# cat /etc/iptables/rules.v6
# Generated by ip6tables-save v1.8.9 (nf_tables) on Mon Jun  5 13:36:08 2023
*filter
:INPUT ACCEPT [1:60]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:64]
:DOCKER-USER - [0:0]
# only published container ports are filtered for v6; there is no INPUT rule for the box itself
-A DOCKER-USER -m state --state RELATED,ESTABLISHED -j ACCEPT
# single allowed prefix (redacted as XXXX in the original): the inverse match drops
# anything else arriving on eth1, equivalent to a one-network allowlist
-A DOCKER-USER -i eth1 ! -s XXXX -j DROP
COMMIT
# Completed on Mon Jun  5 13:36:08 2023
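The two files above are hand-maintained, and a typo in a chain name makes iptables-restore reject the whole table rather than one rule. As an added example (not part of the gist, and not Docker's or Vagrant's own tooling), the script below generates a ruleset in the gist's shape for any interface, chain name and list of allowed source networks, and lints it for jumps to chains that are never declared before the kernel ever sees it. The interface and chain names are parameters, the prefixes in the usage lines are made-up documentation ranges (RFC 5737 / RFC 3849), and the counters are zeroed; none of that comes from the gist.

```shell
#!/bin/sh
# Added example, not from the gist: build an allowlist ruleset in which INPUT
# (the box itself) and DOCKER-USER (published container ports) both jump to
# one chain of allowed source networks, then lint it before iptables-restore.
# Assumptions not taken from the gist: interface/chain names are parameters,
# the networks in the usage lines are documentation prefixes, counters are 0.

# gen_rules IFACE CHAIN NET...  ->  iptables-save style *filter table on stdout.
# The same text is valid for ip6tables-restore when given IPv6 prefixes.
gen_rules() {
    iface=$1
    chain=$2
    shift 2
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        ':DOCKER-USER - [0:0]' ":$chain - [0:0]"
    # Traffic to the box itself. "-m conntrack --ctstate" is the current spelling
    # of the gist's "-m state --state"; both match the same connection states.
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        "-A INPUT -i $iface -j $chain"
    # Traffic to published container ports never reaches INPUT: Docker's FORWARD
    # rules evaluate DOCKER-USER first, so the allowlist has to hang here as well.
    printf '%s\n' '-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        "-A DOCKER-USER -i $iface -j $chain"
    for net in "$@"; do
        printf '%s\n' "-A $chain -s $net -j ACCEPT"
    done
    printf '%s\n' "-A $chain -j DROP" 'COMMIT'
}

# lint_rules < ruleset  ->  exit 0 if every -j/-g target is a built-in target or
# a chain declared with a ":NAME" line in the same file; otherwise print the
# undeclared targets and exit 1. iptables-restore aborts the whole table on such
# a line, which is exactly how a typo in a chain name bites.
lint_rules() {
    awk '
    BEGIN {
        split("ACCEPT DROP REJECT RETURN LOG MASQUERADE DNAT SNAT REDIRECT MARK", b, " ")
        for (k in b) builtin[b[k]] = 1
    }
    /^:/ { declared[substr($1, 2)] = 1; next }
    /^-A / {
        for (i = 1; i < NF; i++)
            if ($i == "-j" || $i == "-g") {
                t = $(i + 1)
                if (!(t in builtin) && !(t in declared)) bad[t] = 1
            }
    }
    END {
        n = 0
        for (t in bad) { print "undeclared chain: " t; n++ }
        if (n > 0) exit 1
    }'
}

# Usage: lint first, then let the kernel parse the result without committing it.
# gen_rules eth1 HOMENETS 192.0.2.0/26 198.51.100.64/26 | lint_rules \
#   && gen_rules eth1 HOMENETS 192.0.2.0/26 198.51.100.64/26 | sudo iptables-restore --test
```

Run against the gist's rules.v4 as posted, the linter flags FLABNETS, the chain the INPUT rule jumps to but the file never declares; `iptables-restore --test` would have reported the same line, but only on the box and only at apply time.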