I want to use iptables to match based on UID for a running container, and I’m using DSCP tagging for this. But I’m afraid I don’t know iptables all that well, and understand what docker does to iptables even less. I hope someone can help.
This is what I was doing before using docker to DSCP tag my application by running user:
sudo iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner transmission -j DSCP --set-dscp 0x10
I’m afraid now I don’t know how to replicate this functionality.
Processes running under user “transmission” that are not running in docker do indeed get tagged properly.
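Added example, not part of the original post: the reason the rule stops matching is that `-m owner` only matches locally generated packets (it is valid only in the OUTPUT and POSTROUTING chains), while a bridge-networked container's packets reach the host through the docker0 bridge and traverse FORWARD, where no owning socket is known. Inside the container's own network namespace the packets are locally generated, so the same mangle OUTPUT rule works there, and the DSCP bits survive the bridge and Docker's MASQUERADE unchanged. The script below applies the rule from the question inside the container's namespace with `nsenter`. It assumes docker, nsenter (util-linux) and iptables on the host and root privileges; the container name and UID you pass are illustrative, and the helper names (`valid_dscp`, `dscp_rule`, `tag_container_uid`) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: DSCP-tag the TCP traffic of one
# UID that runs inside a Docker bridge-networked container.
#
# Assumed to exist on the host: docker, nsenter (util-linux) and iptables,
# run as root. Container names and UIDs passed in are illustrative.

set -u

# DSCP is a 6-bit field: accept 0..63, decimal or 0x-hex as iptables does
# (a leading 0 means octal to both iptables and printf). Exit status 0 if valid.
valid_dscp() {
    case $1 in
        0[xX][0-9a-fA-F]*) ;;      # hex form
        ''|*[!0-9]*) return 1 ;;   # otherwise digits only
    esac
    dscp_n=$(printf '%d' "$1" 2>/dev/null) || return 1
    [ "$dscp_n" -ge 0 ] && [ "$dscp_n" -le 63 ]
}

# The rule from the question, parameterised. $1 = numeric UID, $2 = DSCP.
# Printed as one argument string so the same rule can be used on the host
# (for non-container processes) and inside a container's namespace.
dscp_rule() {
    printf '%s' "-t mangle -A OUTPUT -p tcp -m owner --uid-owner $1 -j DSCP --set-dscp $2"
}

# PID of the container's init process; fails if it is not running
# (docker reports 0 for a stopped container).
container_pid() {
    cpid=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
    case $cpid in
        ''|0|*[!0-9]*) return 1 ;;
    esac
    printf '%s' "$cpid"
}

# Add the rule inside the container's network namespace and read it back.
# Pass a numeric UID: iptables started from the host resolves user names
# against the host's /etc/passwd, not the container's. The kernel compares
# the numeric UID, which is the same number on both sides unless Docker's
# userns-remap is in use.
tag_container_uid() {
    c=$1 uid=$2 dscp=${3:-0x10}
    case $uid in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 2 ;; esac
    valid_dscp "$dscp" || { echo "dscp must be 0..63, got $dscp" >&2; return 2; }
    pid=$(container_pid "$c") || { echo "container $c is not running" >&2; return 1; }
    # Word-splitting the rule string into separate arguments is intended.
    # shellcheck disable=SC2046
    nsenter -t "$pid" -n iptables $(dscp_rule "$uid" "$dscp") || return 1
    # Verify the rule landed in the namespace's mangle table.
    nsenter -t "$pid" -n iptables -t mangle -S OUTPUT | grep -q -- "--uid-owner $uid "
}

# Usage: ./dscp-container.sh <container> <uid> [dscp]
if [ "$#" -ge 2 ]; then
    tag_container_uid "$@"
fi
```

The rule lives in the container's network namespace, so it disappears when the container is removed or recreated and has to be re-applied after each start (a `docker events` hook or the container's own entrypoint are the usual places). If the container must instead be matched from the host, the only handle available in the host's FORWARD chain is the container's source address, not the UID, since the owner match cannot be used there.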