Hi there, running a docker containter on my Ubuntu 16.04 laptop and I want to simulate an external server going down to test how it handles that case. I tried blocking the IP outbound on my laptop with

sudo iptables -I OUTPUT -p tcp -d (external_ip) -j REJECT --reject-with tcp-reset

now a curl from my laptop terminal fails as expected

$ curl -v (external_ip)

• Rebuilt URL to: (external_ip)/
• Trying (external_ip)…
• connect to (external_ip) port 80 failed: Connection refused
• Failed to connect to (external_ip) port 80: Connection refused
• Closing connection 0
  curl: (7) Failed to connect to (external_ip) port 80: Connection refused

but from the container the same command still goes through. I have tried several slight variations but I haven’t been able to block the container communicating to the ip. Any suggestions?

Using docker compose so you have to act on the DOCKER-ISOLATION chain

sudo iptables -I DOCKER-ISOLATION -i (internal-bridge) -p tcp -d (external_ip) -j REJECT --reject-with tcp-reset.

This lets us simulate outside sources of data going down and how we handle it. Hope it helps someone else.