iptables for isolating docker (swarm) services
*filter
# DOCKER-USER is the chain Docker reserves for user rules. It is jumped to from FORWARD
# before any of Docker's own rules, so it only sees traffic forwarded to and from
# containers, never packets addressed to the host itself (those go through INPUT).
# Load with:  iptables-restore --noflush < this-file
# Without --noflush the entire filter table is replaced and Docker's own chains are lost.
:DOCKER-USER - [0:0]
-F DOCKER-USER
# ens3 is this host's public interface; change it to match the host.
-A DOCKER-USER ! -i ens3 -m comment --comment "Allow everything not arriving on ens3 (container egress and inter-container traffic)" -j RETURN
# Redundant with the conntrack rule below (UDP DNS replies are ESTABLISHED) and it admits
# any packet whose source port is 53, a value the sender picks freely.
-A DOCKER-USER -i ens3 -p udp -m udp --sport 53 -m comment --comment "Allow incoming UDP Port 53 for DNS" -j RETURN
-A DOCKER-USER -i ens3 -p icmp -m comment --comment "Allow ICMP" -j RETURN
-A DOCKER-USER -i ens3 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow replies to connections containers opened (all protocols, not only TCP)" -j RETURN
#-A DOCKER-USER -s 108.61.168.111/32 -m comment --comment "Allow Own IP" -j RETURN
#-A DOCKER-USER -s 127.0.0.0/8 -m comment --comment "Allow Localhost" -j RETURN
-A DOCKER-USER -m comment --comment "Drop the rest: new inbound connections to published container ports" -j DROP
COMMIT
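To see what the chain above actually decides for a given packet, here is an added example (my own code, not part of the gist) that parses the gist's active `-A` lines and walks a handful of constructed packets through them. It models only the matches the ruleset uses (`-i` / `! -i`, `-p`, `--sport`, `conntrack --ctstate`) and the `RETURN` and `DROP` targets; the `Packet`, `Rule`, `parse_rules`, `evaluate` and `verdicts` names, the interface name `docker_gwbridge` and the sample packets are assumptions made for the example, not anything from the gist.

```python
"""Toy evaluator for the DOCKER-USER policy above.

Added example, not part of the gist: it parses the gist's active -A lines and
walks constructed packets through the chain, modelling only the matches the
ruleset uses (-i / ! -i, -p, --sport, conntrack --ctstate) and the RETURN and
DROP targets. It is not netfilter; it only makes the policy's decisions visible.
"""
import shlex
from dataclasses import dataclass
from typing import Optional

# The gist's active rules, copied verbatim (the -F line and commented-out rules are omitted).
RULESET = r'''
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER ! -i ens3 -j RETURN -m comment --comment "Allow all outgoing packets"
-A DOCKER-USER -i ens3 -p udp -m udp --sport 53 -j RETURN -m comment --comment "Allow incoming UDP Port 53 for DNS"
-A DOCKER-USER -i ens3 -p icmp -j RETURN -m comment --comment "Allow ICMP"
-A DOCKER-USER -i ens3 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow established TCP" -j RETURN
-A DOCKER-USER -j DROP -m comment --comment "Drop the rest"
COMMIT
'''


@dataclass
class Packet:
    in_iface: str            # interface the packet arrived on
    proto: str               # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    ctstate: str = "NEW"     # what conntrack would report: NEW, ESTABLISHED or RELATED


@dataclass
class Rule:
    in_iface: Optional[str] = None
    in_negated: bool = False
    proto: Optional[str] = None
    sport: Optional[int] = None
    ctstates: frozenset = frozenset()
    target: str = ""
    comment: str = ""


def parse_rules(text: str, chain: str = "DOCKER-USER") -> list:
    """Turn the -A lines for `chain` into Rule objects; every other line is skipped."""
    rules = []
    for line in text.splitlines():
        toks = shlex.split(line.strip())
        if len(toks) < 2 or toks[0] != "-A" or toks[1] != chain:
            continue
        rule, negate, i = Rule(), False, 2
        while i < len(toks):
            opt = toks[i]
            if opt == "!":               # negates the match that follows
                negate, i = True, i + 1
                continue
            arg = toks[i + 1]
            if opt == "-i":
                rule.in_iface, rule.in_negated = arg, negate
            elif opt == "-p":
                rule.proto = arg
            elif opt == "--sport":
                rule.sport = int(arg)
            elif opt == "--ctstate":
                rule.ctstates = frozenset(arg.split(","))
            elif opt == "-j":
                rule.target = arg
            elif opt == "--comment":
                rule.comment = arg
            elif opt != "-m":            # -m only names a match module; anything else is unsupported here
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            negate, i = False, i + 2
        rules.append(rule)
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.in_iface is not None and (pkt.in_iface == rule.in_iface) == rule.in_negated:
        return False
    if rule.proto is not None and pkt.proto != rule.proto:
        return False
    if rule.sport is not None and pkt.sport != rule.sport:
        return False
    if rule.ctstates and pkt.ctstate not in rule.ctstates:
        return False
    return True


def evaluate(rules: list, pkt: Packet) -> tuple:
    """First matching rule wins. RETURN hands the packet back to Docker's own
    FORWARD rules (allowed as far as DOCKER-USER is concerned); so does
    falling off the end of the chain."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target, rule.comment
    return "RETURN", "end of chain"


# Constructed sample packets, not captured traffic.
SAMPLES = {
    "container egress": Packet("docker_gwbridge", "tcp", dport=443),
    "new inbound http": Packet("ens3", "tcp", dport=80),
    "reply to egress": Packet("ens3", "tcp", sport=443, ctstate="ESTABLISHED"),
    "dns reply": Packet("ens3", "udp", sport=53, ctstate="ESTABLISHED"),
    "unsolicited, sport 53": Packet("ens3", "udp", sport=53, dport=8125),
    "ping": Packet("ens3", "icmp"),
}


def verdicts() -> dict:
    rules = parse_rules(RULESET)
    return {name: evaluate(rules, pkt)[0] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:22} -> {verdict}")
```

Running it shows the intended isolation: a new inbound TCP connection on ens3 to a published port is dropped, while container egress, replies to container-initiated connections, DNS replies and ICMP are returned to Docker's rules. The "unsolicited, sport 53" packet is also returned even though conntrack reports it as NEW, which is the consequence of the `--sport 53` rule the ruleset's comments point out.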