LexVel
Platinum Member

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -j LOG
-A INPUT -p icmp -j DROP
-A INPUT -i eth0 -p icmp -j DROP
-A INPUT -i eth0:1 -p icmp -j DROP
-A INPUT -i eth1 -p icmp -j DROP
-A OUTPUT -p udp -m udp --sport 443 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j LOG
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT