Inside docker
General firewall tables work, but there is a problem with connection state matching.
Matching a new connection works, but matching the rest of the same connection using RELATED and ESTABLISHED doesn't work:
 pkts bytes target  prot opt in  out  source            destination
    0     0 ACCEPT  all  --  *   *    10.21.0.0/16      0.0.0.0/0       ctstate RELATED,ESTABLISHED
    0     0 ACCEPT  all  --  *   *    10.22.0.0/16      0.0.0.0/0       ctstate RELATED,ESTABLISHED
    1    60 ACCEPT  all  --  *   *    192.168.64.0/21   10.21.0.0/16    ctstate NEW
    6   300 REJECT  tcp  --  *   *    0.0.0.0/0         0.0.0.0/0       reject-with tcp-reset
    0     0 REJECT  all  --  *   *    0.0.0.0/0         0.0.0.0/0       reject-with icmp-port-unreachable
    0     0 DROP    all  --  *   *    0.0.0.0/0         0.0.0.0/0
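
A check for this symptom, as an added example that is not part of the original page: it parses a verbose numeric iptables listing, sums the packet counters of rules matching NEW versus RELATED/ESTABLISHED, and flags the case where new connections are counted but tracked packets never are. The function names and the handling of rounded counters (K/M/G/T suffixes) are this example's own assumptions; the sample input is the listing shown above.

```python
import re

# Listing copied from the page; in practice pass in the text of a verbose,
# numeric listing (iptables -L -v -n, optionally with -x for exact counters).
SAMPLE = """\
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 10.21.0.0/16 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 10.22.0.0/16 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 60 ACCEPT all -- * * 192.168.64.0/21 10.21.0.0/16 ctstate NEW
6 300 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

# Assumption: without -x, large counters are printed rounded with a suffix.
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
COUNT = re.compile(r"^(\d+)([KMGT]?)$")

def to_int(text):
    """Convert a counter such as '6' or '12K' to an integer."""
    m = COUNT.match(text)
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def parse_rules(listing):
    """Return one dict per rule line; header and 'Chain ...' lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not COUNT.match(f[0]):
            continue
        m = re.search(r"\bctstate (\S+)", line)
        rules.append({"pkts": to_int(f[0]), "bytes": to_int(f[1]), "target": f[2],
                      "source": f[7], "destination": f[8],
                      "states": set(m.group(1).split(",")) if m else set()})
    return rules

def diagnose(rules):
    """Sum packet counters by role and flag the pattern described on this page."""
    new = sum(r["pkts"] for r in rules if "NEW" in r["states"])
    tracked = sum(r["pkts"] for r in rules
                  if r["states"] & {"RELATED", "ESTABLISHED"})
    refused = sum(r["pkts"] for r in rules if r["target"] in ("REJECT", "DROP"))
    # NEW is matched, yet no later packet ever hits a RELATED/ESTABLISHED rule.
    return {"new": new, "tracked": tracked, "refused": refused,
            "state_tracking_suspect": new > 0 and tracked == 0}

if __name__ == "__main__":
    print(diagnose(parse_rules(SAMPLE)))
```

A flagged result only says the counters show the pattern; a chain that has seen no return traffic yet produces the same numbers, so compare readings taken before and after a test connection.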