LinuxQuestions.org - Linux - Networking
iptables inside container doesn't work - NET_ADMIN also didn't help (https://www.linuxquestions.org/questions/linux-networking-3/iptables-inside-container-doesnt-work-net_admin-also-didnt-help-4175650259/)

ario 03-15-2019 06:39 PM

iptables inside container doesn't work - NET_ADMIN also didn't help
 
Hi Folks,
I have a container with fail2ban on it. On my development computer when I add this to docker-compose:
Code:

    cap_add:
    - NET_ADMIN
    - NET_RAW

I can see rules are added to iptables both inside the container and outside it, and it works properly. When I try the same configuration on an EC2 instance, I can see those rules inside the container, but not on the host system. What's wrong?
Thanks in advance.
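Netfilter rule tables belong to a network namespace, so rules added inside a container show up on the host only when the container shares the host's network namespace. The following diagnostic script is an added example, not code from this thread or from fail2ban/Docker; it assumes the Docker CLI, nsenter and iptables are present on the host, that it runs as root, and that the container name passed in (e.g. "fail2ban") is a placeholder.

```shell
#!/bin/sh
# Added diagnostic: does the container's iptables view match the host's?
# Assumptions: Docker CLI, nsenter and iptables on the host; run as root.
# The container name is a placeholder, not taken from the thread.
set -eu

# Strip the inode number out of a "net:[4026531992]"-style ns link target.
netns_inode_from_link() {
    printf '%s\n' "$1" | sed -n 's/^net:\[\([0-9]*\)\]$/\1/p'
}

# Resolve the network namespace inode of a PID via /proc/<pid>/ns/net.
netns_inode() {
    netns_inode_from_link "$(readlink "/proc/$1/ns/net")"
}

# Succeed when both PIDs live in the same network namespace.
same_netns() {
    [ "$(netns_inode "$1")" = "$(netns_inode "$2")" ]
}

# Compare this shell (the host) with the container's init process and show
# what each namespace's filter table actually holds.
check_container_netns() {
    container="$1"
    cpid="$(docker inspect --format '{{.State.Pid}}' "$container")"
    if same_netns "$$" "$cpid"; then
        echo "$container shares the host network namespace; its rules are host rules."
    else
        echo "$container has its own network namespace (inode $(netns_inode "$cpid"))."
        echo "Rules inside it do not filter host traffic. Container filter table:"
        nsenter -t "$cpid" -n iptables -S
        echo "Host filter table:"
        iptables -S
    fi
}

# Usage: ./check_netns.sh fail2ban   (container name is a placeholder)
if [ "${1:-}" != "" ]; then
    check_container_netns "$1"
fi
```

If the script reports separate namespaces, a ban inserted by the containerised fail2ban never reaches the host's chains, which matches the symptom of seeing the rules inside the container only.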

MensaWater 03-22-2019 02:23 PM

Not an expert but I just ran across an issue here where a container kept restarting.

My co-worker, after looking into it, said it was because the CoreOS setup for docker didn't start iptables. When the container started it would try to dynamically add to the CoreOS iptables but couldn't, since iptables wasn't loaded at the start of docker itself. He plans to restart docker itself after having modified the config file for docker to load iptables. He hasn't done that yet so I can't be certain, but he has done far more with containers than I.

Posting it as a hint since no one else has responded.

