I’ve created 2 Docker networks using docker network create. The Docker daemon created a Linux bridge for each of the networks.
I’m trying to redirect traffic from one network to the other using a DPDK process, which listens on one bridge and redirects to the other bridge.
Anyway, I couldn’t do it because the Docker daemon changes the iptables rules.
Specifically, it adds these isolation rules:
DOCKER-ISOLATION-STAGE-2 all -- br-d6ffb947525f !br-d6ffb947525f 0.0.0.0/0 0.0.0.0/0
Drop whatever is sent to this network that is not from this network, which is exactly what I wanted to do.
Is there a nice way to overcome this issue with proper Docker syntax (something with docker network create options) and not using iptables (for example, allow all FORWARDs
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
831064 395982253 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
831064 395982253 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
...
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
317527 13466097 DOCKER-ISOLATION-STAGE-2 all -- br-3f2a8e428fc3 !br-3f2a8e428fc3 0.0.0.0/0 0.0.0.0/0
4985 222873 DOCKER-ISOLATION-STAGE-2 all -- br-d6ffb947525f !br-d6ffb947525f 0.0.0.0/0 0.0.0.0/0 <-------
9867 414498 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
926051 544265081 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
pkts bytes target prot opt in out source destination
626 43802 DROP all -- * br-3f2a8e428fc3 0.0.0.0/0 0.0.0.0/0
139 11616 DROP all -- * br-d6ffb947525f 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
357775 15136265 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
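The two chains in the dump above implement Docker's inter-network isolation in two stages: STAGE-1 picks up packets leaving a bridge for any other interface (in=X, out=!X), and STAGE-2 drops them if the outgoing interface is another Docker bridge. The following is an added example, not code from the post or from Docker: a small Python audit script that parses the text of iptables -L -v -n, reconstructs which bridge pairs are fenced off from each other, and reports the drop counters per bridge, so a host's isolation state can be checked instead of read off by hand. The SAMPLE string is constructed from the counters in the post; the function names are the example's own.

```python
"""Audit the iptables chains Docker installs to isolate its bridge networks.

Added example (not from the original post or from Docker): parses the text
of `iptables -L -v -n` and reports which Docker bridges are fenced off from
one another, together with how many packets each bridge has refused.
"""
import re
from typing import Dict, List, NamedTuple, Set, Tuple

STAGE1 = "DOCKER-ISOLATION-STAGE-1"
STAGE2 = "DOCKER-ISOLATION-STAGE-2"

# Constructed sample: FORWARD and the two isolation chains as printed by
# `iptables -L -v -n` on a host with two user-defined bridges plus docker0.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
831064 395982253 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
831064 395982253 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target prot opt in out source destination
317527 13466097 DOCKER-ISOLATION-STAGE-2 all -- br-3f2a8e428fc3 !br-3f2a8e428fc3 0.0.0.0/0 0.0.0.0/0
  4985 222873 DOCKER-ISOLATION-STAGE-2 all -- br-d6ffb947525f !br-d6ffb947525f 0.0.0.0/0 0.0.0.0/0
  9867 414498 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
926051 544265081 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target prot opt in out source destination
   626 43802 DROP all -- * br-3f2a8e428fc3 0.0.0.0/0 0.0.0.0/0
   139 11616 DROP all -- * br-d6ffb947525f 0.0.0.0/0 0.0.0.0/0
     0     0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
357775 15136265 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
"""


class Rule(NamedTuple):
    chain: str
    pkts: int
    nbytes: int
    target: str
    prot: str
    in_if: str
    out_if: str
    src: str
    dst: str


_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def _counter(tok: str) -> int:
    """iptables abbreviates large counters (e.g. 831K) unless -x is given."""
    if tok[-1] in _SUFFIX:
        return int(tok[:-1]) * _SUFFIX[tok[-1]]
    return int(tok)


def parse_iptables(text: str) -> Dict[str, List[Rule]]:
    """Turn `iptables -L -v -n` output into {chain name: [rules in order]}."""
    chains: Dict[str, List[Rule]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if current is None or line.startswith("pkts"):
            continue  # column header, or text before the first chain
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # not a rule line (e.g. a pasted '...' marker)
        # Columns: pkts bytes target prot opt in out source destination;
        # any match extensions printed after column 9 are ignored here.
        chains[current].append(
            Rule(current, _counter(f[0]), _counter(f[1]), f[2], f[3], f[5], f[6], f[7], f[8])
        )
    return chains


def isolation_wired(chains: Dict[str, List[Rule]]) -> bool:
    """True when FORWARD hands every packet (in=* out=*) to stage 1."""
    return any(r.target == STAGE1 and r.in_if == "*" and r.out_if == "*"
               for r in chains.get("FORWARD", []))


def isolation_report(chains: Dict[str, List[Rule]]) -> Tuple[Set[str], Dict[str, int]]:
    """Return (bridges whose egress is checked, {bridge: packets dropped on ingress}).

    Stage 1 matches packets leaving bridge X for any other interface (in=X,
    out=!X) and jumps to stage 2, which drops them when the destination is
    another Docker bridge (out=Y).  Together they define the blocked pairs.
    """
    egress: Set[str] = set()
    for r in chains.get(STAGE1, []):
        if r.target == STAGE2 and r.out_if == "!" + r.in_if:
            egress.add(r.in_if)
    ingress: Dict[str, int] = {}
    for r in chains.get(STAGE2, []):
        if r.target == "DROP" and r.in_if == "*" and r.out_if != "*":
            ingress[r.out_if] = r.pkts
    return egress, ingress


def blocked_pairs(chains: Dict[str, List[Rule]]) -> Set[Tuple[str, str]]:
    """Ordered (source bridge, destination bridge) pairs the isolation drops."""
    egress, ingress = isolation_report(chains)
    return {(a, b) for a in egress for b in ingress if a != b}


def is_blocked(chains: Dict[str, List[Rule]], src_bridge: str, dst_bridge: str) -> bool:
    return (src_bridge, dst_bridge) in blocked_pairs(chains)


if __name__ == "__main__":
    chains = parse_iptables(SAMPLE)
    egress, ingress = isolation_report(chains)
    print("isolation chain reachable from FORWARD:", isolation_wired(chains))
    for b in sorted(egress | set(ingress)):
        print(f"{b}: egress checked={b in egress}, packets dropped on ingress={ingress.get(b, 0)}")
    for a, b in sorted(blocked_pairs(chains)):
        print(f"blocked: {a} -> {b}")
```

On a live host, feed the script the output of iptables -L -v -n (or iptables -L -v -n -x for exact counters) instead of SAMPLE. Note that only the isolation chains are analysed; the script does not simulate the whole FORWARD chain, so an earlier ACCEPT or a rule in DOCKER-USER can still change what actually happens to a packet.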