April 29, 2021

Docker IPTABLES Rules

It is really hard to lock down Docker instances; this is the easiest way I have found.

Permit access from LAN networks and from individual external IPs:

ipset -N minecraft iphash

ipset -A minecraft

ipset -A minecraft

ipset -A minecraft # Daniel

iptables -I DOCKER-USER -p tcp --dport 25565 -m set ! --match-set minecraft src -j DROP

iptables -I DOCKER-USER -p udp --dport 19132 -m set ! --match-set minecraft src -j DROP

This is all added to a script that runs when the interfaces come up.

iptables -L DOCKER-USER

ipset list minecraft
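An idempotent form of the interface-up script described above, as an added example that is not the author's script: it checks for an existing rule with `iptables -C` before inserting, so repeated interface events do not stack duplicate DROP rules in DOCKER-USER. The allowed addresses are constructed placeholders, `hash:ip` is the current name of the `iphash` set type, and `run`, `valid_entry`, `ensure_drop`, `apply_allowlist` and the `DRY_RUN` switch are hypothetical names.

```shell
#!/bin/sh
# Added example, not the author's script. Addresses are constructed
# placeholders (a private LAN range plus documentation addresses).
SET=minecraft
ALLOWED="192.168.1.0/24 198.51.100.7 203.0.113.25"
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = apply (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Shape check only (dotted quad, optional /0-32 prefix); ipset still does
# the final validation. Catches typos before anything is changed.
valid_entry() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Insert the DROP rule unless an identical one is already in the chain
# (iptables -C exits non-zero when the rule is missing).
# Dry-run mode skips the check and always prints the insert command.
ensure_drop() {
    proto=$1 port=$2
    set -- DOCKER-USER -p "$proto" --dport "$port" \
        -m set ! --match-set "$SET" src -j DROP
    if [ "$DRY_RUN" = 1 ] || ! iptables -C "$@" 2>/dev/null; then
        run iptables -I "$@"
    fi
}

apply_allowlist() {
    # Validate every entry first so a bad one aborts before any change.
    for e in $ALLOWED; do
        valid_entry "$e" || { echo "bad entry: $e" >&2; return 1; }
    done
    # -exist: do not fail when the set or the entry is already there.
    run ipset -exist create "$SET" hash:ip || return 1
    for e in $ALLOWED; do
        run ipset -exist add "$SET" "$e" || return 1
    done
    ensure_drop tcp 25565 && ensure_drop udp 19132
}

apply_allowlist
```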



