Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -P INPUT ACCEPT
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- -N DOCKER
- -N DOCKER-ISOLATION-STAGE-1
- -N DOCKER-ISOLATION-STAGE-2
- -N DOCKER-USER
- -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
- -A FORWARD -j DOCKER-USER
- -A FORWARD -j DOCKER-ISOLATION-STAGE-1
- -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o docker0 -j DOCKER
- -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
- -A FORWARD -i docker0 -o docker0 -j ACCEPT
- -A FORWARD -o br-4f5770ea8905 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -o br-4f5770ea8905 -j DOCKER
- -A FORWARD -i br-4f5770ea8905 ! -o br-4f5770ea8905 -j ACCEPT
- -A FORWARD -i br-4f5770ea8905 -o br-4f5770ea8905 -j ACCEPT
- -A DOCKER -d 172.18.0.2/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 3306 -j ACCEPT
- -A DOCKER -d 172.18.0.3/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 8080 -j ACCEPT
- -A DOCKER -d 172.18.0.3/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 443 -j ACCEPT
- -A DOCKER -d 172.18.0.7/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 6379 -j ACCEPT
- -A DOCKER -d 172.18.0.8/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 3306 -j ACCEPT
- -A DOCKER -d 172.18.0.10/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 3306 -j ACCEPT
- -A DOCKER -d 172.18.0.3/32 ! -i br-4f5770ea8905 -o br-4f5770ea8905 -p tcp -m tcp --dport 80 -j ACCEPT
- -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
- -A DOCKER-ISOLATION-STAGE-1 -i br-4f5770ea8905 ! -o br-4f5770ea8905 -j DOCKER-ISOLATION-STAGE-2
- -A DOCKER-ISOLATION-STAGE-1 -j RETURN
- -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -o br-4f5770ea8905 -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -j RETURN
- -A DOCKER-USER -j RETURN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
