Linux: how to configure Docker iptables DOCKER-USER rules to limit outbound traffic?

Time:10-17

I'm running a container and I want to allow it to access only specific IPs. In other words, I want to reject everything except my target IPs.
I tried the following:

iptables -I DOCKER-USER -o custom_interface ! -d XXX.XXX.XXX.XXX -j REJECT

But it rejects all connections; I can't even ping XXX.XXX.XXX.XXX.
This is really strange. I thought I was only blocking outgoing packets through the custom interface that are not headed to XXX.XXX.XXX.XXX, so all incoming and outgoing packets for XXX.XXX.XXX.XXX should be accepted.
But it seems I was wrong. Why? Any help is appreciated.
Edit
The accepted answer shows how to configure inbound restrictions; from it I learned how to configure outbound restrictions.
Create the BEFORE_DOCKER chain

iptables -N BEFORE_DOCKER

Default rule

iptables -I BEFORE_DOCKER -j DROP

Docker container access to public administration hosts (insert all allowed IPs here)

iptables -I BEFORE_DOCKER -o eth0 -d 172.114.1.23 -j ACCEPT
iptables -I BEFORE_DOCKER -o eth0 -d 10.129.172.12 -j ACCEPT

Docker container restricted LAN access (insert your LAN IP range or individual IPs here)

iptables -I BEFORE_DOCKER -o eth1 -d 192.168.10.1 -j ACCEPT
iptables -I BEFORE_DOCKER -o eth1 -d 192.168.10.2 -j ACCEPT

The final step is to insert it as the first rule in the FORWARD chain.

iptables -I FORWARD -i docker0 -j BEFORE_DOCKER

CodePudding user response:

Create a BEFORE_DOCKER chain with a default REJECT rule, then insert it as the first rule in the FORWARD chain.
Create the BEFORE_DOCKER chain

iptables -N BEFORE_DOCKER

Default rule

iptables -I BEFORE_DOCKER -j DROP

Docker container access from public administration hosts (insert all allowed IPs here)

iptables -I BEFORE_DOCKER -i eth0 -s 172.114.1.23 -j ACCEPT
iptables -I BEFORE_DOCKER -i eth0 -s 10.129.172.12 -j ACCEPT

Docker container restricted LAN access (insert your LAN IP range or individual IPs here)

iptables -I BEFORE_DOCKER -i eth1 -s 192.168.10.1 -j ACCEPT
iptables -I BEFORE_DOCKER -i eth1 -s 192.168.10.2 -j ACCEPT

The final step is to insert it as the first rule in the FORWARD chain.

iptables -I FORWARD -o docker0 -j BEFORE_DOCKER

I hope it helps!
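The inbound rules in this answer and the outbound rules in the question's Edit are the same allowlist pattern with the interface and address matches mirrored. The script below is an added example, not code from the original post: it generates that chain for either direction from a list of interface:IP pairs and, by default, only prints the iptables commands (set IPT=iptables as root to apply them). The chain name BEFORE_DOCKER, the interface names and the addresses are taken from the thread; the function name, the direction flag and the dry-run variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: build the BEFORE_DOCKER allowlist chain from the thread in
# either direction. Dry-run by default: the commands are printed, not run.
# Set IPT=iptables (as root) to apply them for real.
IPT="${IPT:-echo iptables}"

# gen_chain DIRECTION CHAIN DOCKER_IF "IFACE:IP IFACE:IP ..."
#   out -> filter traffic leaving the containers (question's Edit):
#          hook on -i DOCKER_IF, allow by -o IFACE -d IP
#   in  -> filter traffic entering the containers (the answer):
#          hook on -o DOCKER_IF, allow by -i IFACE -s IP
gen_chain() {
  dir=$1; chain=$2; dockerif=$3; allow=$4
  case "$dir" in
    out) hook="-i $dockerif"; m_if="-o"; m_ip="-d" ;;
    in)  hook="-o $dockerif"; m_if="-i"; m_ip="-s" ;;
    *)   echo "gen_chain: direction must be 'in' or 'out'" >&2; return 1 ;;
  esac

  $IPT -N "$chain"
  # The default DROP goes in first. Every later -I lands in front of it,
  # so the ACCEPT rules are evaluated before the DROP (with -A instead of
  # -I the DROP would come first and shadow every ACCEPT).
  $IPT -I "$chain" -j DROP
  for entry in $allow; do
    iface=${entry%%:*}
    ip=${entry#*:}
    $IPT -I "$chain" $m_if "$iface" $m_ip "$ip" -j ACCEPT
  done
  # Attach the chain at the head of FORWARD so it runs before Docker's own chains.
  $IPT -I FORWARD $hook -j "$chain"
}

# Outbound allowlist from the question's Edit (constructed call for the dry run).
gen_chain out BEFORE_DOCKER docker0 \
  "eth0:172.114.1.23 eth0:10.129.172.12 eth1:192.168.10.1 eth1:192.168.10.2"
```

Two caveats worth keeping in mind when applying this. The rules live in the FORWARD chain, so they only govern containers on a bridge network such as docker0; a container started with --network host uses the host's INPUT and OUTPUT chains and is not touched by them. And Docker's documented hook for user rules is the DOCKER-USER chain, so the last rule can equally be attached there (iptables -I DOCKER-USER -i docker0 -j BEFORE_DOCKER) instead of directly in FORWARD; either way the rules are not persistent across a reboot unless saved with the distribution's iptables persistence mechanism.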

CodePudding user response:

Thank you, I implemented an IP whitelist following your method.
Post: https://www.cnblogs.com/jiftle/p/13821394.html