What do Docker's default iptables rules mean after Docker is first installed on Ubuntu 14.04?

After I installed Docker for the first time on Ubuntu 14.04, Docker pre-installed some rules in iptables. Can someone help me explain these rules that Docker added? What is each rule used for?

# iptables-save
# Generated by iptables-save v1.4.21 on Tue Apr  5 12:52:32 2016
*nat
:PREROUTING ACCEPT [1345:188285]
:INPUT ACCEPT [1332:187243]
:OUTPUT ACCEPT [24:1510]
:POSTROUTING ACCEPT [24:1510]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Tue Apr  5 12:52:32 2016
# Generated by iptables-save v1.4.21 on Tue Apr  5 12:52:32 2016
*filter
:INPUT ACCEPT [10563:913002]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [745:59756]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
COMMIT
# Completed on Tue Apr  5 12:52:32 2016