Category : iptables

Can someone explain why I cannot forward packets to an NFQUEUE inside a Docker container? My goal is to set up NFQ-based network inspection inside a container. The rule is added but just ignored. If someone is interested, here I created a PR for a Snort setup with an NFQ inline configuration => https://github.com/cfinkelstein/myownlab/pull/1. ..


I have set up Rancher (1.6.30) and Docker (18.09.9). When I create a Rancher cluster from docker-compose:

version: '2'
services:
  mongo:
    image: mongo:4.4.2
    stdin_open: true
    volumes:
      - /var/lib/mongo/data/db:/data/db
    tty: true
    ports:
      - 27017:27017/tcp
  app1:
    image: XX
    stdin_open: true
    tty: true
    ports:
      - 10503:80/tcp
    labels:
      io.rancher.container.pull_image: always
  app2:
    image: XX
    stdin_open: true
    tty: true
    ports:
      - 10504:8080/tcp
..


I have a mail server in a Docker container. Fail2ban is installed on the host with this configuration:

[DEFAULT]
protocol = all

[postfix-aggressive]
enabled = true
chain = DOCKER-USER
port = 0:65535
logpath = /my/path/to/mail.log
filter = postfix[mode=aggressive]

Fail2ban rules work, and bot IPs are detected, but they do not seem to be really banned ..


According to the Docker docs (emphasis mine): "On Linux, Docker manipulates iptables rules to provide network isolation. While this is an implementation detail (…) you should not modify the rules Docker inserts into your iptables policies" … and "It is possible to set the iptables key to false in the Docker engine's configuration file at ..


I realized that Docker recently added integration with firewalld, and I just want to set up my server using firewalld instead of boring iptables rules and chains. This is my docker zone output:

[email protected]:~# sudo firewall-cmd --zone=docker --list-all
docker (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: br-0a659f93a5b6 br-be2e44b2b069 docker0
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
..


I want to control which external IP is used to send traffic from my swarm containers; this can easily be done with a bridge network and iptables rules. This works fine for local-scoped bridge networks:

docker network create --driver=bridge --scope=local --subnet=172.123.0.0/16 -o "com.docker.network.bridge.enable_ip_masquerade"="false" -o "com.docker.network.bridge.name"="my_local_bridge" my_local_bridge

and on iptables:

sudo iptables -t nat -A POSTROUTING ..
