Ping a Specific Port

Question

giomanda

Asked: 2019-08-05 07:28:34 +0800 CST2019-08-05 07:28:34 +0800 CST 2019-08-05 07:28:34 +0800 CST

automatic iptables rules inside docker container

772

I am trying to set specific iptables rules inside a container but so far i have no luck. So far i tried to enter (exec bash) the container and add manually the rules, then, export the running container to a new image.

When i import the image and start the new container the iptable rules are still not there.

How can i have specific iptables rules when the container is created without having to set them automatically?

I am using docker-CE 19.03.1

The image is a custom debian-strech created using debootstrap.

2 Answers

Voted

giomanda · Answer 1 · 2019-08-06T12:27:19+08:00

giomanda

2019-08-06T12:27:19+08:002019-08-06T12:27:19+08:00

I managed to implement this by:

1) adding all iptables rules i wish to apply on a bash script .

2) Copy the bash to the container using the Dockerfile

3) Use again Dockerfile to run the iptables bash script within the container.

For example:

iptables script

#!/bin/bash
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -s 10.88.0.0/24  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.88.0.0/24  -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

echo "iptables executed " > /root/iptables_echo

Dockerfile

FROM "openvpn-server:ready"

WORKDIR /etc/openvpn
USER root

COPY iptables.sh /usr/local/bin/iptables.sh
RUN chmod +x /usr/local/bin/iptables.sh && apt-get install iptables
CMD iptables.sh

EXPOSE 443:443/tcp

2

Marco · Answer 2 · 2019-08-05T09:08:54+08:00

Marco

2019-08-05T09:08:54+08:002019-08-05T09:08:54+08:00

iptables rules are not persistent across reboots. You should try something like the iptables-persistent package in Ubuntu.

apt install iptables-persistent 
mkdir -p /etc/iptables
iptables-save > /etc/iptables/rules.v4 
ip6tables-save > /etc/iptables/rules.v6
service iptables-persistent start

Here is an handy how-to: http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html

If the distro you use doesn't have such tool you can just put the rules in a script and then let systemd or init inovke it at boot time.

0

automatic iptables rules inside docker container

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?