@sl-digital
Last active January 23, 2023 03:55
Docker iptables for NGINX web services and local MySQL
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP
# Allow MySQL traffic coming from the docker0 interface only.
# Inserted at position 6, i.e. ahead of the catch-all DROP appended above; an -A here would land below the DROP and never match.
sudo iptables -I INPUT 6 -i docker0 -p tcp --dport 3306 -j ACCEPT
# Alternative: allow MySQL from any interface EXCEPT the public ethernet (-I without a position inserts at the top of the chain).
sudo iptables -I INPUT ! -i eth0 -p tcp --dport 3306 -j ACCEPT
#1 - Accept anything on loopback interface
#2 - Accept all established connections
#3 - Accept SSH traffic on 22
#4 - Accept HTTP traffic on 80
#5 - Accept SSL traffic on 443
#6 - Accept MySQL traffic on the docker0 interface
#7 - Black hole anything else
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
sudo netfilter-persistent reload
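The ruleset above only works if the 3306 ACCEPT ends up above the trailing DROP and stays bound to an interface. The following audit is an added example, not part of the gist: it reads a dump in the format `iptables -S INPUT` prints and flags both mistakes (function names and the embedded sample dumps are constructed here). It checks the INPUT chain only; ports Docker publishes with `-p` are handled in the FORWARD chain via Docker's own DOCKER chain and are not covered by these rules.

```shell
# Audit a dump of the INPUT chain in the format printed by `iptables -S INPUT`.
# Confirms what the gist's ordering depends on: the 3306 ACCEPT sits above the
# final catch-all DROP (otherwise it never matches) and is bound to an interface
# (-i docker0 or ! -i eth0), so MySQL is not reachable on the public interface.
# Usage on a live host: sudo iptables -S INPUT | audit_input_chain
audit_input_chain() {
    awk '
        /^-A INPUT/ {
            n++
            if ($0 == "-A INPUT -j DROP") drop_pos = n
            if ($0 ~ /--dport 3306/) {
                mysql_pos = n
                if ($0 !~ /-i docker0/ && $0 !~ /! -i eth0/) {
                    print "FAIL: 3306 rule not bound to an interface: " $0; fail = 1
                }
            }
        }
        END {
            if (!drop_pos)          { print "FAIL: no catch-all DROP in INPUT"; fail = 1 }
            else if (drop_pos != n) { print "FAIL: catch-all DROP is not the last rule"; fail = 1 }
            if (!mysql_pos)         { print "FAIL: no 3306 rule found"; fail = 1 }
            else if (drop_pos && mysql_pos > drop_pos) {
                print "FAIL: 3306 rule is below the DROP and never matches"; fail = 1
            }
            if (!fail) print "OK: INPUT chain ordering is sound"
            exit fail
        }'
}
# Constructed sample: the chain as saved after the gist commands, with the
# docker0 rule inserted at position 6 (ahead of the DROP).
sample_good() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i docker0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP
EOF
}
# Constructed sample of the common mistake: appending (-A) the docker0 rule after the DROP.
sample_bad() {
sample_good | sed '/--dport 3306/d'
printf '%s\n' '-A INPUT -i docker0 -p tcp -m tcp --dport 3306 -j ACCEPT'
}
sample_good | audit_input_chain
```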