Created
July 8, 2015 19:41
-
-
Save pl12133/d23b916e6f729336ed4e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by iptables-save v1.4.21 on Wed Jul 8 15:12:54 2015 | |
| *nat | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| :DOCKER - [0:0] | |
| -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER | |
| -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER | |
| -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8083 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8084 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8086 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8083 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8084 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8086 -j MASQUERADE | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 172.17.0.1:8083 | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8084 -j DNAT --to-destination 172.17.0.1:8084 | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8086 -j DNAT --to-destination 172.17.0.1:8086 | |
| COMMIT | |
| # Completed on Wed Jul 8 15:12:54 2015 | |
| # Generated by iptables-save v1.4.21 on Wed Jul 8 15:12:54 2015 | |
| *filter | |
| :INPUT ACCEPT [148:10700] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [102:13264] | |
| :DOCKER - [0:0] | |
| -A FORWARD -o docker0 -j DOCKER | |
| -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -i docker0 ! -o docker0 -j ACCEPT | |
| -A FORWARD -i docker0 -o docker0 -j ACCEPT | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8083 -j ACCEPT | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8084 -j ACCEPT | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8086 -j ACCEPT | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8083 -j ACCEPT | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8084 -j ACCEPT | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8086 -j ACCEPT | |
| COMMIT | |
| # Completed on Wed Jul 8 15:12:54 2015 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by iptables-save v1.4.21 on Wed Jul 8 15:12:54 2015 | |
| *nat | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| :DOCKER - [0:0] | |
| -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER | |
| -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER | |
| -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8083 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8084 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 8086 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8083 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8084 -j MASQUERADE | |
| -A POSTROUTING -s 172.17.0.1/32 -d 172.17.0.1/32 -p tcp -m tcp --dport 8086 -j MASQUERADE | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 172.17.0.1:8083 | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8084 -j DNAT --to-destination 172.17.0.1:8084 | |
| -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8086 -j DNAT --to-destination 172.17.0.1:8086 | |
| COMMIT | |
| # Completed on Wed Jul 8 15:12:54 2015 | |
| # Generated by iptables-save v1.4.21 on Wed Jul 8 15:12:54 2015 | |
| *filter | |
| :INPUT ACCEPT [148:10700] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [102:13264] | |
| :DOCKER - [0:0] | |
| -A FORWARD -o docker0 -j DOCKER | |
| -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -i docker0 ! -o docker0 -j ACCEPT | |
| -A FORWARD -i docker0 -o docker0 -j ACCEPT | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8083 -j DROP | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8084 -j DROP | |
| -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8086 -j DROP | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8083 -j DROP | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8084 -j DROP | |
| -A DOCKER -d 172.17.0.1/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8086 -j DROP | |
| COMMIT | |
| # Completed on Wed Jul 8 15:12:54 2015 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment