| # /etc/systemd/system/docker-iptables-rules.service | |
| [Unit] | |
| Description=Apply custom iptables rules for Docker | |
| After=docker.service | |
| Requires=docker.service | |
| [Service] | |
| Type=oneshot | |
| ExecStart=/usr/sbin/iptables -C DOCKER-USER -p tcp --dport 5532 -j DROP || /usr/sbin/iptables -I DOCKER-USER -p tcp --dport 5532 -j DROP | |
| RemainAfterExit=yes | |
| [Install] | |
| WantedBy=multi-user.target |
sudo iptables -I DOCKER-USER -p tcp -s 127.0.0.1 --dport 5532 -j ACCEPT
sudo iptables -I DOCKER-USER -p tcp --dport 5532 -j DROP
sudo systemctl daemon-reload
sudo systemctl enable docker-iptables-rules.service
sudo systemctl start docker-iptables-rules.service
Теперь правило будет применяться при каждом запуске Docker/системы.