meta data for this page
Inside docker
General firewall tables works, but there is a problem with connection state matching.
Matching new connection works, but matching the rest of the same connection using RELATED
and ESTABLISHED
doesn't work:
pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 10.21.0.0/16 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 10.22.0.0/16 0.0.0.0/0 ctstate RELATED,ESTABLISHED 1 60 ACCEPT all -- * * 192.168.64.0/21 10.21.0.0/16 ctstate NEW 6 300 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0