Skip to content

Instantly share code, notes, and snippets.

@x-yuri

x-yuri/1.txt Secret

Created June 28, 2019 13:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save x-yuri/b28a439f2c1a76a5e4b1f22085cf008c to your computer and use it in GitHub Desktop.
Save x-yuri/b28a439f2c1a76a5e4b1f22085cf008c to your computer and use it in GitHub Desktop.
Download ZIP
docker 18.09.6 basic iptables rules
Raw
1.txt
# Generated by iptables-save v1.8.3 on Fri Jun 28 16:05:10 2019
*nat
:PREROUTING ACCEPT [499:31131]
:INPUT ACCEPT [387:26346]
:OUTPUT ACCEPT [51834:5507608]
:POSTROUTING ACCEPT [51834:5507608]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Fri Jun 28 16:05:10 2019
# Generated by iptables-save v1.8.3 on Fri Jun 28 16:05:10 2019
*filter
:INPUT ACCEPT [1117837:1489152633]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [675884:76938077]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Fri Jun 28 16:05:10 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment