技术 2022年11月14日

按照 https://www.cnblogs.com/CloudMan6/p/7341487.html 进行操作,实验结果与老师文章中的正好相反:不同 overlay 网络中的主机可以通信,验证部分见下面高亮代码段。

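问题找到了:我机器上有一块网卡(ens3)的 IP 是 10.0.10.101/20,这个网段(10.0.0.0 – 10.0.15.255)覆盖了 ov_net1 的 10.0.0.0/24 和 ov_net2 的 10.0.1.0/24,把这块网卡禁用就好了。我用的是云主机,这是云主机的内网网卡。如果不能禁用内网网卡,可以在创建 overlay 网络时用 `--subnet` 指定一个不与主机网段重叠的子网。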

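但容器之间仍然可以通过 docker_gwbridge 上的网卡(172.18.0.0 网段)互相 ping 通。从下面的 iptables-save 输出看,`-A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP` 被排在所有 ufw 转发链之后,而 `ufw-before-forward` 在它之前就放行了若干 ICMP 类型(具体类型值在输出中已丢失,可能包含 echo-request,需自行核实)。因此 ping 通并不代表其他协议也能通过;要确认隔离是否生效,应再用 TCP/UDP 测试,并检查这条 DROP 规则的位置。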

 root@host01:~# ifconfig
docker0 Link encap:Ethernet HWaddr ::8a::2a:
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (0.0 B) TX bytes: (0.0 B) docker_gwbridge Link encap:Ethernet HWaddr ::4d:d7:0f:5f
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
inet6 addr: fe80:::4dff:fed7:f5f/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (678.4 KB) TX bytes: (825.4 KB) ens3 Link encap:Ethernet HWaddr :::::a5
inet addr:10.0.10.101 Bcast:10.0.15.255 Mask:255.255.240.0
inet6 addr: fe80:::ff:fe03:2a5/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (1.2 GB) TX bytes: (615.5 KB) ens4 Link encap:Ethernet HWaddr ::::a5:e3
inet addr:123.58.8.20 Bcast:123.58.8.255 Mask:255.255.255.0
inet6 addr: fe80:::1ff:fe02:a5e3/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (1.0 GB) TX bytes: (217.5 MB) lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::/ Scope:Host
UP LOOPBACK RUNNING MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (0.0 B) TX bytes: (0.0 B) veth37959a9 Link encap:Ethernet HWaddr 9a::fe:5d:2c:cd
inet6 addr: fe80:::feff:fe5d:2ccd/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (198.0 KB) TX bytes: (199.3 KB) veth9b8f24e Link encap:Ethernet HWaddr ::9e::c8:
inet6 addr: fe80:::9eff:fe13:c837/ Scope:Link
UP BROADCAST RUNNING MULTICAST MTU: Metric:
RX packets: errors: dropped: overruns: frame:
TX packets: errors: dropped: overruns: carrier:
collisions: txqueuelen:
RX bytes: (989.5 KB) TX bytes: (1.0 MB)
root@host01:~# ifconfig ens3 down
root@host01:~#
root@host01:~#
root@host01:~# docker exec bbox3 ping -c 172.18.0.2
PING 172.18.0.2 (172.18.0.2): data bytes
bytes from 172.18.0.2: seq= ttl= time=0.156 ms
bytes from 172.18.0.2: seq= ttl= time=0.134 ms
--- 172.18.0.2 ping statistics ---
packets transmitted, packets received, % packet loss
round-trip min/avg/max = 0.134/0.145/0.156 ms
root@host01:~# docker exec bbox3 ping -c 10.0.0.2
PING 10.0.0.2 (10.0.0.2): data bytes
--- 10.0.0.2 ping statistics ---
packets transmitted, packets received, % packet loss
root@host01:~#
root@host01:~# docker version
Client:
Version: 18.09.
API version: 1.39
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb ::
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb ::
OS/Arch: linux/amd64
Experimental: false
root@host01:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
5f1cb3e7ea16 bridge bridge local
467a0c3b1d73 docker_gwbridge bridge local
a08d5e1df638 host host local
83f08e15caa8 none null local
609020e03ff4 ov_net1 overlay global
3de64fa3d3ee ov_net2 overlay global
root@host01:~# docker network inspect ov_net1
[
{
"Name": "ov_net1",
"Id": "609020e03ff4ac5fb1aad73e23bfb22bc288463663e5aba775ed06263077c242",
"Created": "2019-03-15T08:52:44.452192114+08:00",
"Scope": "global",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "10.0.0.0/24",
"Gateway": "10.0.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61": {
"Name": "bbox1",
"EndpointID": "a5c953f0f64694095ebb50102305a617072b66ae494a54167250168683ea1571",
"MacAddress": "02:42:0a:00:00:02",
"IPv4Address": "10.0.0.2/24",
"IPv6Address": ""
},
"ep-0e7e516e2d946d2e090a88f1358096a6baf89dbbe8f07a8681705552939e58e2": {
"Name": "bbox2",
"EndpointID": "0e7e516e2d946d2e090a88f1358096a6baf89dbbe8f07a8681705552939e58e2",
"MacAddress": "02:42:0a:00:00:03",
"IPv4Address": "10.0.0.3/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
root@host01:~# docker network inspect ov_net2
[
{
"Name": "ov_net2",
"Id": "3de64fa3d3ee7875685a99ee0d1a21f220ff107c17b2fc25d2cc43dee669f005",
"Created": "2019-03-20T08:50:15.368081913+08:00",
"Scope": "global",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "10.0.1.0/24",
"Gateway": "10.0.1.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1": {
"Name": "bbox3",
"EndpointID": "7d14cb392da9e77ccb9d574935d535a4f5e4b02e1f44a4ed0a4ee8688d1e9d32",
"MacAddress": "02:42:0a:00:01:02",
"IPv4Address": "10.0.1.2/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
root@host01:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
271022e6c6ed busybox "sh" minutes ago Up minutes bbox3
e666ab4af792 busybox "sh" days ago Up days bbox1
root@host01:~# docker inspect bbox1
[
{
"Id": "e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61",
"Created": "2019-03-18T00:55:22.236809259Z",
"Path": "sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": ,
"ExitCode": ,
"Error": "",
"StartedAt": "2019-03-18T00:55:23.137228284Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:d8233ab899d419c58cf3634c0df54ff5d8acc28f8173f09c21df4a07229e1205",
"ResolvConfPath": "/var/lib/docker/containers/e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61/hostname",
"HostsPath": "/var/lib/docker/containers/e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61/hosts",
"LogPath": "/var/lib/docker/containers/e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61/e666ab4af792055c63afde141a13286a8e108df2472994a42f22d92e4dbd4f61-json.log",
"Name": "/bbox1",
"RestartCount": ,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": [
"472f27d9d44e88bcd743fdd89bca9ed6bdef7ec58e061b36b2f65eae4601064e"
],
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "ov_net1",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount":
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": ,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": ,
"Runtime": "runc",
"ConsoleSize": [
, ],
"Isolation": "",
"CpuShares": ,
"Memory": ,
"NanoCpus": ,
"CgroupParent": "",
"BlkioWeight": ,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": ,
"CpuQuota": ,
"CpuRealtimePeriod": ,
"CpuRealtimeRuntime": ,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": ,
"KernelMemory": ,
"MemoryReservation": ,
"MemorySwap": ,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": ,
"Ulimits": null,
"CpuCount": ,
"CpuPercent": ,
"IOMaximumIOps": ,
"IOMaximumBandwidth": ,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/95fe4db24230c3bd702eb54fc90e1c700f251511968a2c36a6d2b62d533dff97-init/diff:/var/lib/docker/overlay2/c863240dcd004963897d5b3805879ad87038dc5f840e48cccc4517101c33f2de/diff",
"MergedDir": "/var/lib/docker/overlay2/95fe4db24230c3bd702eb54fc90e1c700f251511968a2c36a6d2b62d533dff97/merged",
"UpperDir": "/var/lib/docker/overlay2/95fe4db24230c3bd702eb54fc90e1c700f251511968a2c36a6d2b62d533dff97/diff",
"WorkDir": "/var/lib/docker/overlay2/95fe4db24230c3bd702eb54fc90e1c700f251511968a2c36a6d2b62d533dff97/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "e666ab4af792",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh"
],
"ArgsEscaped": true,
"Image": "busybox",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a8d468c12df86f394ce13268a9c5507bc7df4c0d39f6463afb9b426b59dc1e3b",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a8d468c12df8",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "",
"IPPrefixLen": ,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"ov_net1": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"e666ab4af792"
],
"NetworkID": "609020e03ff4ac5fb1aad73e23bfb22bc288463663e5aba775ed06263077c242",
"EndpointID": "a5c953f0f64694095ebb50102305a617072b66ae494a54167250168683ea1571",
"Gateway": "",
"IPAddress": "10.0.0.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:0a:00:00:02",
"DriverOpts": null
}
}
}
}
]
root@host01:~# docker inspect bbox3
[
{
"Id": "271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1",
"Created": "2019-03-20T00:50:44.855237793Z",
"Path": "sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": ,
"ExitCode": ,
"Error": "",
"StartedAt": "2019-03-20T00:50:45.682912119Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:d8233ab899d419c58cf3634c0df54ff5d8acc28f8173f09c21df4a07229e1205",
"ResolvConfPath": "/var/lib/docker/containers/271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1/hostname",
"HostsPath": "/var/lib/docker/containers/271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1/hosts",
"LogPath": "/var/lib/docker/containers/271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1/271022e6c6ed1cb28a29045561a48100cc0c14e3b5bb664beb41e3f4edc976a1-json.log",
"Name": "/bbox3",
"RestartCount": ,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": [
"194f02fffa032374b38533f493895b01734ad73bad099c52aa58c50309682132",
"671d3ac6d67c4aa66eb654452c9352f9c7987663ca2869c19bb67fc62799d065",
"6f50e18e46e598e1731302ac85342a5e97998ab97ce93950f5b62ca88a17d0fa",
"bb621c0d3f369ddf51c667e35c1a967247496e312e79e210ed87e141479ada55",
"a8f53d5aea29b1ee17fea1df17473c21fb8e294ca0398271563034c26dc5fc47",
"91542ff68f138b7399a6925c027c5da877cb6442b7bd8de5333dd81e1d953fcc",
"6576c99cc0a2105c4079ab3aca1a492343e8585a014a88f8543c8b43b037da5c",
"d6c791223233956c992faed5d2e1b9d436021465d14ba36c4e1061164ed52bc5",
"8ebb089fbf31ea7f2505c73807bb605448e1908d310e74a6a7ce04605e04dd29",
"5deedc5e46f96d9f602c1e87bd9ccbedd4a999f7baffa54a946e96e898da9e9d",
"d03f403ba7dd9076855f6f3569b99f6a46d88df12b541a00d5de0e456578f718"
],
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "ov_net2",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount":
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": ,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": ,
"Runtime": "runc",
"ConsoleSize": [
, ],
"Isolation": "",
"CpuShares": ,
"Memory": ,
"NanoCpus": ,
"CgroupParent": "",
"BlkioWeight": ,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": ,
"CpuQuota": ,
"CpuRealtimePeriod": ,
"CpuRealtimeRuntime": ,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": ,
"KernelMemory": ,
"MemoryReservation": ,
"MemorySwap": ,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": ,
"Ulimits": null,
"CpuCount": ,
"CpuPercent": ,
"IOMaximumIOps": ,
"IOMaximumBandwidth": ,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/92b0ff57e03fbca7721437f95431e6e2cf30f42c4049bc03f35faf9e2910ec8d-init/diff:/var/lib/docker/overlay2/c863240dcd004963897d5b3805879ad87038dc5f840e48cccc4517101c33f2de/diff",
"MergedDir": "/var/lib/docker/overlay2/92b0ff57e03fbca7721437f95431e6e2cf30f42c4049bc03f35faf9e2910ec8d/merged",
"UpperDir": "/var/lib/docker/overlay2/92b0ff57e03fbca7721437f95431e6e2cf30f42c4049bc03f35faf9e2910ec8d/diff",
"WorkDir": "/var/lib/docker/overlay2/92b0ff57e03fbca7721437f95431e6e2cf30f42c4049bc03f35faf9e2910ec8d/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "271022e6c6ed",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh"
],
"ArgsEscaped": true,
"Image": "busybox",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "bfc2cc3d7aab378528488e6124294a45f8e55404e39e5847b95f8c04bcb76f52",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/bfc2cc3d7aab",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "",
"IPPrefixLen": ,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"ov_net2": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"271022e6c6ed"
],
"NetworkID": "3de64fa3d3ee7875685a99ee0d1a21f220ff107c17b2fc25d2cc43dee669f005",
"EndpointID": "7d14cb392da9e77ccb9d574935d535a4f5e4b02e1f44a4ed0a4ee8688d1e9d32",
"Gateway": "",
"IPAddress": "10.0.1.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:0a:00:01:02",
"DriverOpts": null
}
}
}
}
]
root@host01:~# docker exec bbox1 ip r
default via 172.18.0.1 dev eth1
10.0.0.0/ dev eth0 scope link src 10.0.0.2
172.18.0.0/ dev eth1 scope link src 172.18.0.2
root@host01:~# docker exec bbox3 ip r
default via 172.18.0.1 dev eth1
10.0.1.0/ dev eth0 scope link src 10.0.1.2
172.18.0.0/ dev eth1 scope link src 172.18.0.3
root@host01:~# docker exec bbox3 ping -c 10.0.0.2
PING 10.0.0.2 (10.0.0.2): data bytes
bytes from 10.0.0.2: seq= ttl= time=0.468 ms
bytes from 10.0.0.2: seq= ttl= time=0.511 ms--- 10.0.0.2 ping statistics ---
packets transmitted, packets received, % packet loss
round-trip min/avg/max = 0.468/0.489/0.511 ms
root@host01:~# docker exec bbox3 ping -c 172.18.0.2
PING 172.18.0.2 (172.18.0.2): data bytes
bytes from 172.18.0.2: seq= ttl= time=0.133 ms
bytes from 172.18.0.2: seq= ttl= time=0.083 ms--- 172.18.0.2 ping statistics ---
packets transmitted, packets received, % packet loss
round-trip min/avg/max = 0.083/0.108/0.133 ms
root@host01:~# iptables-save
# Generated by iptables-save v1.6.0 on Wed Mar ::
*nat
:PREROUTING ACCEPT [:]
:INPUT ACCEPT [:]
:OUTPUT ACCEPT [:]
:POSTROUTING ACCEPT [:]
:DOCKER - [:]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/ -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.18.0.0/ ! -o docker_gwbridge -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/ ! -o docker0 -j MASQUERADE
-A DOCKER -i docker_gwbridge -j RETURN
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Wed Mar ::
# Generated by iptables-save v1.6.0 on Wed Mar ::
*filter
:INPUT DROP [:]
:FORWARD DROP [:]
:OUTPUT ACCEPT [:]
:DOCKER - [:]
:DOCKER-ISOLATION-STAGE- - [:]
:DOCKER-ISOLATION-STAGE- - [:]
:DOCKER-USER - [:]
:ufw-after-forward - [:]
:ufw-after-input - [:]
:ufw-after-logging-forward - [:]
:ufw-after-logging-input - [:]
:ufw-after-logging-output - [:]
:ufw-after-output - [:]
:ufw-before-forward - [:]
:ufw-before-input - [:]
:ufw-before-logging-forward - [:]
:ufw-before-logging-input - [:]
:ufw-before-logging-output - [:]
:ufw-before-output - [:]
:ufw-logging-allow - [:]
:ufw-logging-deny - [:]
:ufw-not-local - [:]
:ufw-reject-forward - [:]
:ufw-reject-input - [:]
:ufw-reject-output - [:]
:ufw-skip-to-policy-forward - [:]
:ufw-skip-to-policy-input - [:]
:ufw-skip-to-policy-output - [:]
:ufw-track-forward - [:]
:ufw-track-input - [:]
:ufw-track-output - [:]
:ufw-user-forward - [:]
:ufw-user-input - [:]
:ufw-user-limit - [:]
:ufw-user-limit-accept - [:]
:ufw-user-logging-forward - [:]
:ufw-user-logging-input - [:]
:ufw-user-logging-output - [:]
:ufw-user-output - [:]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-
-A FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker_gwbridge -j DOCKER
-A FORWARD -i docker_gwbridge ! -o docker_gwbridge -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER-ISOLATION-STAGE- -i docker_gwbridge ! -o docker_gwbridge -j DOCKER-ISOLATION-STAGE-
-A DOCKER-ISOLATION-STAGE- -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-
-A DOCKER-ISOLATION-STAGE- -j RETURN
-A DOCKER-ISOLATION-STAGE- -o docker_gwbridge -j DROP
-A DOCKER-ISOLATION-STAGE- -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE- -j RETURN
-A DOCKER-USER -j RETURN
-A ufw-after-input -p udp -m udp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit /min --limit-burst -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit /min --limit-burst -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type -j ACCEPT
-A ufw-before-input -p udp -m udp --sport --dport -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/ -p udp -m udp --dport -j ACCEPT
-A ufw-before-input -d 239.255.255.250/ -p udp -m udp --dport -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit /min --limit-burst -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit /min --limit-burst -j RETURN
-A ufw-logging-deny -m limit --limit /min --limit-burst -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit /min --limit-burst -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport -j ACCEPT
-A ufw-user-input -p udp -m udp --dport -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport -j ACCEPT
-A ufw-user-input -p udp -m udp --dport -j ACCEPT
-A ufw-user-input -p udp -m udp --dport -j ACCEPT
-A ufw-user-limit -m limit --limit /min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
COMMIT
# Completed on Wed Mar ::
root@host01:~# brctl show
bridge name bridge id STP enabled interfaces
docker0 .02428a652a66 no
docker_gwbridge .02424dd70f5f no veth37959a9
veth9b8f24e
root@host01:~#