Why is Docker ignoring iptables?
Good afternoon!
Why is docker-compose ignoring iptables?
Now iptables looks like this:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# Only for the load balancer
# But Docker ignores the IP address and exposes the port to the whole world.
-A INPUT -p tcp -m state --state NEW -m tcp -s 11.22.33.44 --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 11.22.33.44 --dport 9000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
If the rules are written exactly like this, then it does not ignore them, but processes them correctly.
First, you have the default policy ACCEPT. Secondly, the rules allowing
Set the default policy to DROP or REJECT
iptables -P INPUT DROP
And then the allowing rules.
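
Added example, not part of the original question or answer: Docker publishes ports with a DNAT rule in the nat table, so that traffic is routed to the container through FORWARD and never reaches the INPUT rules above, and Docker evaluates the DOCKER-USER chain ahead of its own FORWARD rules for user filtering. This sketch reads the source-restricted INPUT rules from the question and emits matching DOCKER-USER rules. The function names, the `eth0` interface and the set of published ports are assumptions.

```python
import shlex

# Constructed sample: the INPUT rules from the question that matter here.
RULESET = """\
# SSH
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 11.22.33.44 --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 11.22.33.44 --dport 9000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""


def restricted_ports(ruleset):
    """Map dport -> allowed source for INPUT ACCEPT rules that carry -s."""
    found = {}
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)  # comment lines become []
        if tok[:2] != ["-A", "INPUT"] or not {"-s", "--dport", "-j"} <= set(tok):
            continue
        if tok[tok.index("-j") + 1] == "ACCEPT":
            found[int(tok[tok.index("--dport") + 1])] = tok[tok.index("-s") + 1]
    return found


def docker_user_rules(ruleset, published, wan_if="eth0"):
    """Build DOCKER-USER rules that re-apply the INPUT source limits.

    published: host ports Docker publishes (assumed input, e.g. from `ports:`).
    wan_if: external interface name (assumption).
    """
    allowed = restricted_ports(ruleset)
    rules = []
    for port in sorted(published):
        if port not in allowed:
            continue  # no source limit was intended for this port
        # After DNAT, --dport is the container port, so match the original
        # destination port through conntrack instead.
        rules.append(
            f"iptables -I DOCKER-USER -i {wan_if} ! -s {allowed[port]} -p tcp "
            f"-m conntrack --ctorigdstport {port} --ctdir ORIGINAL -j DROP"
        )
    return rules


if __name__ == "__main__":
    for rule in docker_user_rules(RULESET, published={8080, 9000}):
        print(rule)
```

Binding the published port to a specific host address in the compose file is another way to keep it off the public interface.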