I’m trying to get a container working which shall be able to control the host system’s iptables/netfilter logic.
I don’t want to have iptables running inside the container; I want to actually issue iptables commands which get active on the host where the container runs.
The iptables rules will have nothing to do with the container from where they shall be posted.
Getting this to run in Docker will be tricky (Docker goes to some pretty significant lengths to isolate containers from the host in this way, plus does some nontrivial iptables mucking itself) and you’re probably better off just running iptables on the host directly. Doubly true since you basically need to be root to run Docker containers anyways.
(`--net host` might help you; but so would bind-mounting the host filesystem and adding yourself to the host’s /etc/sudoers.)
Actually the reason why that should run in the container is simply because of CI and deployment purposes.
I tested some more and indeed with the `--net host` parameter it does not look too bad. I get the same output in the container as I do on the host…
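The `--net host` approach from the answer above, written out as a small wrapper so the container's privileges stay explicit. This is an added example, not code from the thread's participants. It assumes a hypothetical image name `host-fw-tools:latest` that ships an iptables binary, and it assumes (the thread does not say so) that iptables needs `CAP_NET_ADMIN` in the container to change the host's tables; `CAP_NET_RAW` is part of Docker's default capability set and is kept because some iptables extensions open raw sockets. The `rulesets_match` helper encodes the check the asker did by hand: the ruleset dumped from inside the container must equal the one dumped on the host.

```shell
#!/bin/sh
# Added example (not from the original thread): run iptables from a
# container so that the rules land in the host's netfilter tables.
# Assumptions: IMAGE is a hypothetical image containing iptables; the
# capability set below is what iptables is expected to need. The
# container shares the host network namespace (--net host) and gets
# only NET_ADMIN and NET_RAW instead of --privileged or a sudoers mount.

IMAGE="${IMAGE:-host-fw-tools:latest}"   # hypothetical image name

# Minimal privilege set: drop everything, add back only what iptables needs.
DOCKER_OPTS="--rm --net host --cap-drop ALL --cap-add NET_ADMIN --cap-add NET_RAW --read-only"

# Render the docker invocation as a single line, for review or dry runs.
build_cmd() {
    printf 'docker run %s %s iptables' "$DOCKER_OPTS" "$IMAGE"
    for arg in "$@"; do
        printf ' %s' "$arg"
    done
    printf '\n'
}

# Issue an iptables command on the host through the container.
# With DRY_RUN=1 the command is printed instead of executed, which is
# also what lets this script run without Docker present.
host_iptables() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        build_cmd "$@"
    else
        # shellcheck disable=SC2086  # DOCKER_OPTS is meant to word-split
        docker run $DOCKER_OPTS "$IMAGE" iptables "$@"
    fi
}

# Compare two ruleset dumps (e.g. output of `iptables -S`), one taken on
# the host and one taken inside the container. Returns 0 when identical,
# i.e. when the container really is operating on the host's tables.
rulesets_match() {
    [ "$1" = "$2" ]
}

# Usage, on a host with Docker (constructed, not run here):
#   DRY_RUN=1 host_iptables -L INPUT -n      # show the command only
#   host_iptables -S > /tmp/from-container    # then diff against host's iptables -S
```

Design note: `--net host` plus `NET_ADMIN` lets the container reconfigure all host networking, so in trust terms this is the same as running iptables as root on the host, which is the answerer's point; the wrapper keeps that grant narrow (no `--privileged`, no writable root filesystem, no sudoers bind mount) and makes it visible in CI logs.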