Issue Type: Docker with IPTABLES enabled
Docker Version: 1.12.6
I had to add a few iptables entries to the NAT table, POSTROUTING chain, to allow docker containers to access the internet through a different source-address/source-interface of the Host Machine (to_source).
Things are working fine.
    target      prot opt source            destination
    SNAT        all  --  100.100.8.0/22    10.1.2.3       to:100.64.0.5
But when the docker service is restarted, it inserts MASQUERADE rules on top of my entries, and hence my fix above is masked. Docker containers can’t access the internet now.
    target      prot opt source            destination
    MASQUERADE  all  --  100.100.8.0/22    0.0.0.0/0
    SNAT        all  --  100.100.8.0/22    10.1.2.3       to:100.64.0.5
Is there any way to make my POSTROUTING rules always stay on top of the chain, even after docker restarts?
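The masking described in the post follows from first-match evaluation of the chain. The check below is an added example, not part of the original post: it parses the two listings shown above (embedded as constructed samples in `iptables -t nat -L POSTROUTING -n` layout) and reports which rule a packet hits first and which rules are shadowed. It assumes every listed target is terminating and compares source/destination only, since this listing format shows no interfaces; the function names are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed samples: the chain before and after the docker restart, as listed in the post.
BEFORE = """target prot opt source destination
SNAT all -- 100.100.8.0/22 10.1.2.3 to:100.64.0.5"""
AFTER = """target prot opt source destination
MASQUERADE all -- 100.100.8.0/22 0.0.0.0/0
SNAT all -- 100.100.8.0/22 10.1.2.3 to:100.64.0.5"""

class Rule(NamedTuple):
    pos: int                      # 1-based position in the chain
    target: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    extra: str                    # e.g. "to:100.64.0.5"

def parse_listing(text: str) -> List[Rule]:
    """Parse rule rows, skipping the 'Chain ...' and column-header lines."""
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue
        rules.append(Rule(len(rules) + 1, f[0], ipaddress.ip_network(f[3]),
                          ipaddress.ip_network(f[4]), " ".join(f[5:])))
    return rules

def first_match(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Return the first rule whose source and destination both cover the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst:
            return r
    return None                   # no rule matched: packet leaves untranslated

def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(shadowed_pos, shadowing_pos) for rules fully covered by an earlier rule."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst):
                out.append((later.pos, earlier.pos))
                break
    return out

if __name__ == "__main__":
    for name, text in (("before restart", BEFORE), ("after restart", AFTER)):
        rules = parse_listing(text)
        hit = first_match(rules, "100.100.8.10", "10.1.2.3")
        print(name, "->", hit.target if hit else None, "shadowed:", shadowed(rules))
```

Run against a live listing, a non-empty `shadowed()` result after a docker restart indicates the custom SNAT rule is no longer the first match for its traffic.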