Can't run iptables in Dockerfile

Time: 02-15

I have been battling for a while on this! Given the following Dockerfile, if I leave the RUN iptables... lines out, then execute them manually inside the running docker container they work fine. But if I leave them in Dockerfile I get a permissions error.

FROM ubuntu
RUN apt-get update
RUN apt-get install -y iptables
RUN iptables -I INPUT -p tcp --dport 27015 -j ACCEPT
RUN iptables -A INPUT -i eth0 -j QUEUE

The output of docker build gives:

[ ] Building 0.4s (7/8)
 => [internal] load build definition from Dockerfile                                                               0.0s
 => => transferring dockerfile: 199B                                                                               0.0s
 => [internal] load .dockerignore                                                                                  0.0s
 => => transferring context: 2B                                                                                    0.0s
 => [internal] load metadata for docker.io/library/ubuntu:latest                                                   0.0s
 => [1/5] FROM docker.io/library/ubuntu                                                                            0.0s
 => CACHED [2/5] RUN apt-get update                                                                                0.0s
 => CACHED [3/5] RUN apt-get install -y iptables                                                                   0.0s
 => ERROR [4/5] RUN iptables -I INPUT -p tcp --dport 27015 -j ACCEPT                                               0.3s
------
 > [4/5] RUN iptables -I INPUT -p tcp --dport 27015 -j ACCEPT:
#7 0.256 getsockopt failed strangely: Operation not permitted
------
executor failed running [/bin/sh -c iptables -I INPUT -p tcp --dport 27015 -j ACCEPT]: exit code: 1

But if I use:

FROM ubuntu
RUN apt-get update
RUN apt-get install -y iptables

Docker build completes OK, then I run the image with:

docker run -i -t --cap-add NET_RAW --cap-add NET_ADMIN 094d0bb9befb

The container opens and at the command prompt I can type in the iptables rules as above. They are accepted and work exactly as I require.

Any ideas how I can apply these iptables rules directly from the Dockerfile?

CodePudding user response:

how I can apply these iptables rules directly from the Dockerfile?

You can't. And they make little sense - they are affecting the temporary container created for building the image.

Each container has a separate network namespace, which includes separate interfaces and firewall. On container startup, a separate network space is created.

Create a script that will be run on CMD or ENTRYPOINT, or manually on container startup, and in that script add the commands that should affect the current container environment.
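As an added illustration of the approach in this answer (example code, not from the original post): a POSIX entrypoint script that applies the two rules from the question when the container starts, first checking that CAP_NET_ADMIN was actually granted at `docker run`, and then execs CMD. The script name, its wiring into the image (COPY it in and point ENTRYPOINT at it, with CMD as the real process) and the dry-run command argument are assumptions for the example.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical): apply the question's iptables rules at container start,
# then exec CMD. Needs --cap-add NET_ADMIN --cap-add NET_RAW on `docker run`.
set -eu

# Succeed when capability bit $2 is set in the 64-bit hex mask $1 (CapEff from /proc/self/status).
cap_bit_set() {
    mask=$1; bit=$2
    [ $(( 0x$mask >> bit & 1 )) -eq 1 ]
}

# The two rules from the question, iptables arguments only, one per line.
rule_list() {
    cat <<'EOF'
-I INPUT -p tcp --dport 27015 -j ACCEPT
-A INPUT -i eth0 -j QUEUE
EOF
}

# Apply every rule with command $1 ("iptables" in the container, ":" for a dry run);
# stop at the first failure, otherwise print the number of rules applied.
apply_rules() {
    cmd=$1; n=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        $cmd $rule || { echo "entrypoint: rule failed: $rule" >&2; return 1; }  # rule is word-split on purpose
        n=$((n + 1))
    done <<EOF
$(rule_list)
EOF
    echo "$n"
}

main() {
    capeff=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status)
    if ! cap_bit_set "$capeff" 12; then   # CAP_NET_ADMIN is bit 12
        echo "entrypoint: CAP_NET_ADMIN missing; run with --cap-add NET_ADMIN --cap-add NET_RAW" >&2
        exit 1
    fi
    n=$(apply_rules iptables)
    echo "entrypoint: applied $n iptables rule(s)" >&2
    exec "$@"   # CMD becomes PID 1 in the container's own network namespace
}

# Act as an entrypoint only when a command to exec was supplied (ENTRYPOINT + CMD).
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because the rules are applied at startup rather than at build time, they land in the network namespace of the container that is actually running, which is why the same commands fail inside `RUN` but work here.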
