@gangsta
Last active May 18, 2017 08:39

Docker, stop messing with my iptables rules!

Let's say you are running Docker on a server reachable from the Internet and you already have an iptables-based firewall configured. Personally, I'm using uif, a very powerful Perl script packaged in Debian. Have a look at a config example.

To tell Docker never to change your system's iptables rules, you have to pass --iptables=false when the daemon starts.

For sysvinit and upstart based systems, you can edit /etc/default/docker. For systemd, you can do this:

mkdir -p /etc/systemd/system/docker.service.d
cat << EOF > /etc/systemd/system/docker.service.d/noiptables.conf
[Service]
# The empty ExecStart= clears the command line inherited from the packaged
# unit; without it systemd rejects the drop-in, because a service that is
# not Type=oneshot may have only one ExecStart= setting.
ExecStart=
# Newer Docker releases ship the daemon as /usr/bin/dockerd; use that path here.
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false
EOF
systemctl daemon-reload

Now reload your firewall and restart the Docker daemon. You will see that the chain named DOCKER, and the references to it in the FORWARD chain (policy DROP), have disappeared.
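To confirm the result described above, here is an added example (not part of the gist) that inspects iptables-save style output for Docker-managed chains and jumps; the two rule listings are constructed samples of what `iptables -S` prints before and after the change.

```shell
#!/bin/sh
# Added example, not part of the gist: verify that Docker has stopped
# managing iptables after the --iptables=false change. The checks parse
# text in the format printed by `iptables -S`; the samples are constructed.

# Print how many lines create a Docker-managed chain (-N DOCKER...) or
# jump into one from FORWARD. Argument: rules text in `iptables -S` form.
docker_rule_count() {
    printf '%s\n' "$1" | grep -c -E '^(-N DOCKER|-A FORWARD .*-j DOCKER)' || true
}

# Succeed (exit 0) only when no Docker-managed chain or jump is present.
docker_iptables_clean() {
    [ "$(docker_rule_count "$1")" -eq 0 ]
}

# Constructed sample: `iptables -S` while the daemon manages the firewall.
RULES_BEFORE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN'

# Constructed sample: after --iptables=false and a firewall reload. Any
# forwarding (and NAT) rules containers need must now come from the host
# firewall, since Docker no longer installs them itself.
RULES_AFTER='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# On a real host (run as root) check the live ruleset; otherwise the
# constructed samples above show both outcomes.
if live=$(iptables -S 2>/dev/null); then
    docker_iptables_clean "$live" && echo "live: Docker chains absent" \
        || echo "live: Docker chains still present"
else
    docker_iptables_clean "$RULES_BEFORE" || echo "before: Docker chains present"
    docker_iptables_clean "$RULES_AFTER" && echo "after: Docker chains absent"
fi
```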
