Installing iptables in docker container based on alpinelinux

I am writing a Dockerfile and I need iptables to be installed in the Docker container. I need to add a rule to the IP table as I am trying to run in "host" network mode, and it seems I need to install iptables for this purpose. When I try to include the rule as follows, I get the following error.

iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT


iptables v1.6.0: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Is it possible to run iptables with root privileges?

Tharanga asked Jan 17 '17 21:01




1 Answer

The --privileged flag is not required anymore. Starting with Docker 1.2, you can now run your image with the parameters --cap-add=NET_ADMIN and --cap-add=NET_RAW, which will allow internal iptables.

Dmitriusan answered Oct 11 '22 01:10
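The error in the question and the --cap-add flags in the answer both concern the container's effective capability set, which can be inspected directly. The following is an added example, not part of the original question or answer: a POSIX sh check that decodes the CapEff mask from /proc and reports which of the two capabilities named in the answer are missing. The function names and the sample masks in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a container was started with the capabilities
# from the answer (docker run --cap-add=NET_ADMIN --cap-add=NET_RAW ...).

# Capability bit positions as defined in linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# has_cap MASK_HEX BIT
# Succeeds when bit BIT is set in the hexadecimal capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_iptables_caps MASK_HEX
# Prints the space-separated names of the capabilities that are absent
# from the mask; prints nothing when both are present.
missing_iptables_caps() {
    missing=""
    has_cap "$1" "$CAP_NET_ADMIN" || missing="NET_ADMIN"
    has_cap "$1" "$CAP_NET_RAW" || missing="${missing:+$missing }NET_RAW"
    printf '%s' "$missing"
}

# current_cap_eff
# Prints the effective capability mask (CapEff) of the running shell.
current_cap_eff() {
    awk '/^CapEff:/ { print $2 }' "/proc/$$/status"
}

# Constructed sample masks:
#   00000000a80425fb  NET_RAW set, NET_ADMIN clear
#   00000000a80435fb  both set
#   0000000000000000  neither set

# Run with --check inside the container to test the live process.
if [ "${1:-}" = "--check" ]; then
    m=$(missing_iptables_caps "$(current_cap_eff)")
    if [ -z "$m" ]; then
        echo "NET_ADMIN and NET_RAW are present"
    else
        echo "missing capabilities: $m"
    fi
fi
```

A uid of 0 inside the container does not imply these bits are set, which is why the check reads CapEff rather than the user id.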