Created
March 28, 2020 01:46
-
-
Save duk3luk3/4004b20bac164c715c0c670be84045d0 to your computer and use it in GitHub Desktop.
iptables for isolating docker (swarm) services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :DOCKER-USER - [0:0] | |
| -F DOCKER-USER | |
| -A DOCKER-USER ! -i ens3 -j RETURN -m comment --comment "Allow all outgoing packets" | |
| -A DOCKER-USER -i ens3 -p udp -m udp --sport 53 -j RETURN -m comment --comment "Allow incoming UDP Port 53 for DNS" | |
| -A DOCKER-USER -i ens3 -p icmp -j RETURN -m comment --comment "Allow ICMP" | |
| -A DOCKER-USER -i ens3 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow established TCP" -j RETURN | |
| #-A DOCKER-USER -s 108.61.168.111/32 -m comment --comment "Allow Own IP" -j RETURN | |
| #-A DOCKER-USER -s 127.0.0.0/8 -m comment --comment "Allow Localhost" -j RETURN | |
| -A DOCKER-USER -j DROP -m comment --comment "Drop the rest" | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment