Changes


Setting up an iptables firewall

95 bytes added, 18:12, 16 March 2009
Setting up a firewall that allows per-container configuration
This setup configures iptables on the hardware node (HN) to disallow access to all hosts, including the containers. However, it allows all traffic into the containers, so they can define their own iptables rules and manage their own firewalls.
<pre>
iptables -P FORWARD ACCEPT
iptables -F FORWARD
</pre>
This sets the default policy of the FORWARD chain to ACCEPT and removes all of its rules, so all packets can pass back and forth between the containers and the outside world.
<pre>
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
</pre>
 
Also make sure the 'xt_state' module is loaded on the host:
 
<pre>
modprobe xt_state
</pre>
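To confirm the host ended up in the state described above (FORWARD set to ACCEPT with no rules, 'xt_state' loaded), a check along these lines can be used. It is an added example, not part of the original wiki page; the function names and the sample inputs are made up for illustration.

```shell
#!/bin/sh
# Added example: verify the host-side state this page sets up.
# The functions read text on stdin, so they work on live or saved output.

# Succeeds only if FORWARD has policy ACCEPT and no rules.
# Input: output of `iptables -S FORWARD`.
forward_is_open() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" { rules++ }
        END { exit !(policy == "ACCEPT" && !rules) }
    '
}

# Succeeds if module $1 is listed. Input: contents of /proc/modules.
# A module compiled into the kernel is not listed there (not handled here).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# $1 = `iptables -S FORWARD` output, $2 = /proc/modules contents.
# Prints one line per problem and returns non-zero if any was found.
check_host() {
    status=0
    printf '%s\n' "$1" | forward_is_open ||
        { echo "FORWARD is not policy ACCEPT with an empty chain"; status=1; }
    printf '%s\n' "$2" | module_loaded xt_state ||
        { echo "xt_state is not loaded"; status=1; }
    return $status
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OPEN='-P FORWARD ACCEPT'
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT'
SAMPLE_MODULES='xt_state 1370 0 - Live 0x0000000000000000
iptable_filter 2258 1 - Live 0x0000000000000000'

# On a live host, as root:
#   check_host "$(iptables -S FORWARD)" "$(cat /proc/modules)"
```

With FORWARD open like this, a container that loads no rules of its own is reachable on every port, so each container's ruleset is the only filter in front of it.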