I've got OpenVPN on an Amazon Linux 2 EC2 instance and need to forward packets through it. It works until I start Docker
on the instance. Then the FORWARD policy turns to DROP and the VPN stops working.
[root@ip-... ~]# iptables -L FORWARD
Chain FORWARD (policy ACCEPT) <<< See it's ACCEPT
target prot opt source destination
Then I start Docker and check again:
[root@ip-... ~]# systemctl start docker
[root@ip-... ~]# iptables -L
Chain FORWARD (policy DROP) <<<< Turned to DROP
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
I tried to set the policy in /etc/sysconfig/iptables, but that doesn't help.
This seems specific to Amazon Linux 2; I don't seem to have this problem on Ubuntu.
Any ideas?