@trkyshorty
Last active November 30, 2022 19:11
Laradock iptables rules
#!/bin/bash
# Bash, not sh: the script uses arrays, which POSIX sh does not provide.
# External (public) interface; change it if the host names it differently.
EXT_IF=eth0
# Set administrator IPs here, one array element per address (e.g. "203.0.113.10")
Whitelist=("ADMIN_IP1" "ADMIN_IP2" "ADMIN_IP3")
# Host server flush: only the chains this script manages.
# A bare "iptables -F" would also empty FORWARD and the DOCKER/DOCKER-ISOLATION
# chains the Docker daemon maintains, cutting containers off until it restarts.
iptables -F INPUT
iptables -F OUTPUT
iptables -F DOCKER-USER
# Host server configuration
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow whitelisted IPs to reach the host itself (SSH and anything else bound on the host)
for i in "${Whitelist[@]}"
do
  iptables -A INPUT -s "$i" -j ACCEPT
done
# Drop all other incoming and forwarded connections by default.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# DOCKER-USER is evaluated before Docker's own FORWARD rules, so published
# container ports are filtered here. Rules are inserted (-I) at the top, so the
# last one inserted is matched first and the catch-all DROP ends up at the bottom.
# Drop all forwarded connections from the external interface.
iptables -I DOCKER-USER -i "$EXT_IF" -j DROP
# Allow established and related incoming connections.
iptables -I DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
# Allow whitelisted IPs to reach any published container port
for i in "${Whitelist[@]}"
do
  iptables -I DOCKER-USER -i "$EXT_IF" -s "$i" -j RETURN
done
# Allow incoming connections to the specified TCP ports from anywhere.
# The -o rules pass the replies; they are harmless but already covered by the conntrack rule.
iptables -I DOCKER-USER -i "$EXT_IF" -p tcp --dport 80 -j RETURN
iptables -I DOCKER-USER -o "$EXT_IF" -p tcp --sport 80 -j RETURN
iptables -I DOCKER-USER -i "$EXT_IF" -p tcp --dport 443 -j RETURN
iptables -I DOCKER-USER -o "$EXT_IF" -p tcp --sport 443 -j RETURN
# Allow incoming connections to the specified UDP ports from anywhere
iptables -I DOCKER-USER -i "$EXT_IF" -p udp --dport 80 -j RETURN
iptables -I DOCKER-USER -o "$EXT_IF" -p udp --sport 80 -j RETURN
iptables -I DOCKER-USER -i "$EXT_IF" -p udp --dport 443 -j RETURN
iptables -I DOCKER-USER -o "$EXT_IF" -p udp --sport 443 -j RETURN
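As an added check (not part of the gist), the script below verifies the chain order the rules above are meant to produce: feed it the output of `iptables -S DOCKER-USER` and it confirms that exactly one catch-all DROP for the external interface exists and that no RETURN rule for that interface is shadowed below it. The rule listing embedded in it is a constructed sample, not output captured from a real host.

```shell
#!/bin/sh
# Added example: sanity-check the DOCKER-USER chain produced by the rules above.
# Usage: iptables -S DOCKER-USER | check_docker_user_order eth0

# Constructed sample of what "iptables -S DOCKER-USER" prints after the script
# runs (rules were -I'd, so the newest is on top; Docker's own trailing RETURN stays).
SAMPLE_RULES='-N DOCKER-USER
-A DOCKER-USER -i eth0 -p udp -m udp --dport 443 -j RETURN
-A DOCKER-USER -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A DOCKER-USER -i eth0 -s 203.0.113.10/32 -j RETURN
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-USER -i eth0 -j DROP
-A DOCKER-USER -j RETURN'

# check_docker_user_order IFACE < rules
# Exits 0 when there is exactly one "-i IFACE -j DROP", no "-i IFACE ... -j RETURN"
# sits after it (such a rule would be dead), and at least one RETURN precedes it.
check_docker_user_order() {
  awk -v ifc="$1" '
    BEGIN { n = 0; drops = 0; drop_at = 0; live = 0; dead = 0 }
    /^-A DOCKER-USER / {
      n++
      if ($0 == "-A DOCKER-USER -i " ifc " -j DROP") {
        drops++; drop_at = n
      } else if ($0 ~ ("-i " ifc " ") && $0 ~ /-j RETURN$/) {
        if (drop_at) { dead++ } else { live++ }
      }
    }
    END {
      if (drops != 1) { print "expected one catch-all DROP, found " drops; exit 1 }
      if (dead)       { print dead " RETURN rule(s) shadowed by the DROP";   exit 1 }
      if (!live)      { print "no RETURN rule precedes the DROP";            exit 1 }
      print "DOCKER-USER order ok (DROP is rule " drop_at " of " n ")"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | check_docker_user_order eth0
```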