Hi Alfredo,

The only thing you need is:

-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT

Best regards,
Radek Gruchalski
[email protected]
de.linkedin.com/in/radgruchalski/

Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.

On Wednesday, 13 April 2016 at 21:27, Alfredo Carneiro wrote:
> Hello guys,
>
> I don't know if that is the right place to ask. So, since we use public
> cloud, we are trying to harden our servers, allowing traffic just from our
> subnetworks. However, when I tried to implement some iptables rules I got
> problems with Docker, which couldn't find its chain anymore.
>
> Then, I am wondering if anyone has ever implemented any iptables rule in this
> scenario.
>
> I've seen this[1] "tip", however, I think that it does not apply to this case,
> because it is very "static".
>
> [1] - https://fralef.me/docker-and-iptables.html
>
> Best Regards,
>
> --
> Alfredo Miranda
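
An added example, not part of the original thread: a shell check that a hardened iptables-restore file still declares the DOCKER chain and carries the four FORWARD rules from the reply, run before the file is loaded. The subnet 10.0.0.0/24, the INPUT rules, the default policies and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-restore file before loading it.

# The four rules from the reply, one per line, in iptables-save syntax.
DOCKER_RULES='-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

# Constructed sample ruleset (assumption: 10.0.0.0/24 stands in for
# "our subnetworks"; the INPUT rules and policies are illustrative).
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT
EOF
}

# Print every missing line; return 0 only if nothing Docker needs is missing.
check_docker_rules() {
    file=$1 missing=0
    # The DOCKER chain must be declared, or "-j DOCKER" has no target.
    if ! grep -q '^:DOCKER ' "$file"; then
        echo "missing chain declaration: :DOCKER - [0:0]"; missing=1
    fi
    # Each rule must match a whole line (-x) as a fixed string (-F).
    while IFS= read -r rule; do
        if ! grep -qxF -e "$rule" "$file"; then
            echo "missing rule: $rule"; missing=1
        fi
    done <<EOF
$DOCKER_RULES
EOF
    return $missing
}
```

As a second check, `iptables-restore --test < FILE` (run as root) parses a rules file without committing it.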

