Docker firewall rules how to change or disable

Hi,

I had more or less the same issue and here is how I fixed it (on Ubuntu, but I assume it will be the same on Debian).
I added to the docker daemon the following options (in /etc/sysconfig/docker):

OPTIONS='--bip 10.190.33.254/24 -g /data/docker --iptables=false'

  • --bip sets the IP addresses and netmask for the containers
  • --iptables prevents Docker from modifying my iptables rules

In the docker systemd unit file (/lib/systemd/system/docker.service), I added this line:

ExecStartPost=/docker_network_conf/docker_iptables.sh
(The script must be executed after the docker daemon is up)

And the script simply looks like:

#!/bin/sh
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default policies for the built-in filter chains
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# NAT for traffic leaving the container subnet through any interface other than docker0.
# [HOST_IP] is a placeholder for the host's external address; only one of the two rules
# is needed (SNAT to a fixed address, or MASQUERADE to pick the outgoing interface's address).
iptables -t nat -A POSTROUTING -s 10.190.33.0/24 ! -o docker0 -j SNAT --to-source [HOST_IP]
iptables -t nat -A POSTROUTING -s 10.190.33.0/24 ! -o docker0 -j MASQUERADE

3 Likes
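As an added example (not the poster's script), a post-start script for the same --iptables=false setup that only manages the chains it owns and uses a default-deny FORWARD policy instead of flushing every table with ACCEPT defaults. It assumes the bridge is docker0 and the subnet is 10.190.33.0/24 as in the post; the external interface name eth0 is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. IPTABLES can be overridden
# (e.g. IPTABLES=echo) to preview the rules without touching the firewall.
IPTABLES="${IPTABLES:-iptables}"

apply_docker_rules() {
    subnet="$1"   # container subnet, e.g. 10.190.33.0/24
    bridge="$2"   # docker bridge, e.g. docker0
    ext_if="$3"   # external interface, e.g. eth0 (placeholder)

    # Own a dedicated filter chain hooked into FORWARD; (re)create it
    # idempotently instead of flushing the whole table on every restart.
    "$IPTABLES" -N DOCKER-FWD 2>/dev/null || "$IPTABLES" -F DOCKER-FWD
    "$IPTABLES" -D FORWARD -j DOCKER-FWD 2>/dev/null || true
    "$IPTABLES" -I FORWARD 1 -j DOCKER-FWD

    # Default-deny forwarding: containers get only what is allowed below.
    "$IPTABLES" -P FORWARD DROP

    # Replies to connections the containers opened.
    "$IPTABLES" -A DOCKER-FWD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Container-to-container traffic on the bridge.
    "$IPTABLES" -A DOCKER-FWD -i "$bridge" -o "$bridge" -j ACCEPT
    # Outbound from the container subnet via the external interface only.
    "$IPTABLES" -A DOCKER-FWD -s "$subnet" -i "$bridge" -o "$ext_if" -j ACCEPT
    # Everything else, including unsolicited inbound to containers, is dropped.

    # Own a dedicated nat chain for the outbound masquerade, also idempotent.
    "$IPTABLES" -t nat -N DOCKER-NAT 2>/dev/null || "$IPTABLES" -t nat -F DOCKER-NAT
    "$IPTABLES" -t nat -D POSTROUTING -j DOCKER-NAT 2>/dev/null || true
    "$IPTABLES" -t nat -A POSTROUTING -j DOCKER-NAT
    "$IPTABLES" -t nat -A DOCKER-NAT -s "$subnet" ! -o "$bridge" -j MASQUERADE
}

# Apply the rules when run directly, e.g. from ExecStartPost.
if [ "${0##*/}" = "docker_iptables.sh" ]; then
    apply_docker_rules 10.190.33.0/24 docker0 eth0
fi
```

Running it as `IPTABLES=echo sh docker_iptables.sh` prints the rules it would install, which is a convenient way to review them before wiring the script into the unit file.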