Provision of original client IP and usage of iptables rules

palindromo · June 22, 2017, 12:28pm

Hi,
I am trying to configure docker together with iptables rules. In the default docker settings no rule will take effect, because of the docker FORWARD entries.

In the link there is a workaround described to add a custom table PRE_DOCKER to handle restrictions after docker has started. I tried it and it worked.
But I think in case the script to add the rules after starting docker is not succesfully processed all containers will remain accessible from all the internet.
When we set iptables=false in the docker config, the iptables rules will be active but the client IP is the IP of the Docker bridge.

How can we configure docker to use our existing iptables rules AND provide the original remote / client IP?

Docker 17.03.1 is running on Ubuntu 16.04 LTS.

EDIT: What I want to achieve is that docker provides the remote IP to the container even when docker is configured with iptables = false (I don´t want docker to change / bypass my existing rules)

Thank you in advance for any information.

Topic		Replies	Views
Docker iptable rules with proxy General	1	2643	July 21, 2020
Restricting External Container Access with Iptables General	5	47879	November 14, 2018
Iptables-persistent on Ubuntu 14.04 messes up Docker iptables rules General	1	7082	April 8, 2018
Docker firewall rules how to change or disable General	2	54205	December 6, 2017
Connecting from host to container General	0	2233	April 4, 2015

Provision of original client IP and usage of iptables rules

Related topics