Docker Community Forums

Share and learn in the Docker community.

Blocking traffic to one of the service containers

docker
swarm

(Warrior7089) #1

There are 3 distinct vms where RabbitMQ service is deployed in global mode.
My goal is to block traffic to one of the RabbitMQ service containers.
Tried using iptables to Reproduce RabbitMQ network partition scenario

by adding iptables chain

iptables -A DOCKER-INGRESS -d 10.255.0.33 -p tcp --dport amqp -m state --state ESTABLISHED,RELATED -j DROP

on 2 docker nodes where RabbitMQ service task containers run.
10.255.0.33 is ip of the container from swarm overlay network taken from docker service inspect output.
Though, traffic still passes through and network partition is not reproduced.
How to block traffic to service container correctly?


#2

I am trying to perform the same action to simulate a network partition.
I am using 3 docker containers each with its own RabbitMQ instance running.
Have you managed to find a way to block traffic to one of them in order to simulate network partition ?


(Warrior7089) #3

Hi, yes.
The idea is to use iptables inside one of them to block in&out traffic to 2 other container virtual ips.
I’ll post exact instructions on Sunday if you still need it.