Hello,
I have a Windows 10 Host with Docker running. I want to use a Debian container, where I want to configure a firewall. But I get an error, which I am unable to resolve.
Dockerfile:
version: '3'
services:
  debian:
    image: debian
    command: bash -c "apt update -y &&
      apt upgrade -y &&
      apt install -y iptables &&
      tail -f /dev/null"
    cap_add:
      - NET_ADMIN
      - NET_RAW
My idea was to just enter the container
docker exec -it containername bash
and then configure the firewall.
iptables -P INPUT DROP
works.
But
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gives me the following error
iptables v1.8.7 (nf_tables): Couldn't load match `conntrack':No such file or directory
How can I resolve this error?
apt install conntrack
installs a conntrack package, but the error remains.
modprobe conntack
returns
modprobe: FATAL: Module conntack not found in directory /lib/modules/5.10.16.3-microsoft-standard-WSL2
Can I add the module, if that makes sense? And how to do so?
I am also open to another solution, where I can deny all incoming traffic but allow established connections, that does not rely on the above command, but I would prefer to be able to resolve the error and use the above command.
Please let me know if I can provide further information.
Thank you.