https://www.michelebologna.net/tags/iptables/ Recent content in Iptables on Michele Bologna Hugo en Mon, 06 Aug 2018 00:00:00 +0000 https://www.michelebologna.net/2018/preventing-docker-from-manipulating-iptables-rules/ Mon, 06 Aug 2018 00:00:00 +0000 https://www.michelebologna.net/2018/preventing-docker-from-manipulating-iptables-rules/ <p>By default, <a href="https://docs.docker.com/network/iptables/#add-iptables-policies-before-dockers-rules" class="external-link" target="_blank" rel="noopener">Docker manipulates iptables rules</a> to provide network isolation:</p> <pre tabindex="0"><code>Chain FORWARD (policy DROP) target prot opt source destination DOCKER all -- 0.0.0.0/0 0.0.0.0/0 [...] Chain DOCKER (1 references) target prot opt source destination </code></pre><p>I don&rsquo;t mind having my iptables rules for forwarding manipulated, but there is a caveat: when you expose a container (with <code>-p</code>), then the port will be exposed to every network interface (which means the whole Internet too). Let&rsquo;s make an example:</p>