Test Docker communicating to external server that died

Hi there, I'm running a Docker container on my Ubuntu 16.04 laptop and I want to simulate an external server going down to test how it handles that case. I tried blocking the IP outbound on my laptop with

sudo iptables -I OUTPUT -p tcp -d (external_ip) -j REJECT --reject-with tcp-reset

Now a curl from my laptop terminal fails as expected:

$ curl -v (external_ip)

* Rebuilt URL to: (external_ip)/
* Trying (external_ip)...
* connect to (external_ip) port 80 failed: Connection refused
* Failed to connect to (external_ip) port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to (external_ip) port 80: Connection refused

But from the container the same command still goes through. I have tried several slight variations but I haven’t been able to block the container from communicating with the IP. Any suggestions?

Using docker compose, so you have to act on the DOCKER-ISOLATION chain:

sudo iptables -I DOCKER-ISOLATION -i (internal-bridge) -p tcp -d (external_ip) -j REJECT --reject-with tcp-reset

This lets us simulate outside sources of data going down and how we handle it. Hope it helps someone else.
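
An added example, not part of the posts above: a dry-run-by-default toggle for the rule in the reply, so the simulated outage can be switched on and cleanly removed again. The OUTPUT rule in the question only matches packets generated by the host itself, while container traffic is forwarded through the bridge and is filtered in the forwarding path where Docker hooks its chains. The `outage` helper, the bridge name and the address in the usage comment are hypothetical; the chain name is taken from the reply and may differ on other Docker versions.

```shell
#!/bin/sh
# Added example (not from the thread): toggle a simulated outage for containers.
CHAIN="${CHAIN:-DOCKER-ISOLATION}"   # chain named in the reply; override if yours differs
DRY_RUN="${DRY_RUN:-1}"              # 1 = only print the command, 0 = run it with sudo

# rule_spec BRIDGE DEST_IP: match/target part shared by insert, check and delete
rule_spec() {
    printf '%s' "-i $1 -p tcp -d $2 -j REJECT --reject-with tcp-reset"
}

# ipt_cmd ACTION BRIDGE DEST_IP: full command line; ACTION is -I, -C or -D
ipt_cmd() {
    printf 'iptables %s %s %s' "$1" "$CHAIN" "$(rule_spec "$2" "$3")"
}

# valid_ipv4 ADDR: accept only a dotted quad, so a typo cannot turn into a
# rule that matches an unintended destination
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$1"; else sudo $1; fi
}

# outage on|off BRIDGE DEST_IP
outage() {
    valid_ipv4 "$3" || { echo "bad IPv4 address: $3" >&2; return 2; }
    case "$1" in
        on)  # -C checks for the rule first, so repeated "on" does not stack copies
             if [ "$DRY_RUN" != 1 ] && sudo $(ipt_cmd -C "$2" "$3") 2>/dev/null; then
                 return 0
             fi
             run "$(ipt_cmd -I "$2" "$3")" ;;
        off) # -D with the identical spec removes exactly the rule that was inserted
             run "$(ipt_cmd -D "$2" "$3")" ;;
        *)   echo "usage: outage on|off BRIDGE DEST_IP" >&2; return 2 ;;
    esac
}

# Constructed usage: DRY_RUN=0 sh outage.sh on br-example 203.0.113.10
if [ $# -ge 3 ]; then outage "$@"; fi
```

Running it with `off` and the same bridge and address afterwards restores connectivity, which lets a test assert on recovery as well as on failure handling.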