Docker and iptables configuration @startup

orshachar · November 24, 2016, 7:02pm

So these are the rules that I’m missing on iptables after docker restarts:

:PREROUTING ACCEPT [8:496]		
:INPUT ACCEPT [0:0]		
:OUTPUT ACCEPT [0:0]		
:POSTROUTING ACCEPT [0:0]		
:DOCKER - [0:0]		
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER		
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER		
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE		
-A POSTROUTING -s 172.18.0.0/16 ! -o br-a0b355ce53ac -j MASQUERADE		
-A DOCKER -i docker0 -j RETURN		
-A DOCKER -i br-a0b355ce53ac -j RETURN
 # same
:DOCKER - [0:0]		
:DOCKER-ISOLATION - [0:0]
# same
	-A FORWARD -j DOCKER-ISOLATION		
-A FORWARD -o docker0 -j DOCKER		
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT		
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT		
-A FORWARD -i docker0 -o docker0 -j ACCEPT		
-A FORWARD -o br-a0b355ce53ac -j DOCKER		
-A FORWARD -o br-a0b355ce53ac -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT		
-A FORWARD -i br-a0b355ce53ac ! -o br-a0b355ce53ac -j ACCEPT		
-A FORWARD -i br-a0b355ce53ac -o br-a0b355ce53ac -j ACCEPT
# same
	-A DOCKER-ISOLATION -i br-a0b355ce53ac -o docker0 -j DROP		
-A DOCKER-ISOLATION -i docker0 -o br-a0b355ce53ac -j DROP		
-A DOCKER-ISOLATION -j RETURN

I see the problem but I don’t see solution - how can we control the boot order? BTW -restarting docker doesn’t help because my iptables=false

Topic		Replies	Views
Persistent POSTROUTING iptable rules General docker	0	995	November 15, 2018
Network : Lost Host IP General docker	1	2826	October 28, 2015
Disabled userland proxy, can't connect General	2	2782	September 7, 2021
New to Docker, need some help with port mappings "iptables" Docker Hub docker	0	858	November 13, 2019
No access to containers General	0	812	March 18, 2017

Docker and iptables configuration @startup

Related topics