Docker chains get reset by iptables

I actually have some problems with my Docker service. After a few minutes, the rules below get deleted by iptables.

iptables after:

Chain INPUT (policy ACCEPT)
target        prot opt source          destination
fail2ban-ssh  tcp  --  anywhere        anywhere        multiport dports ssh

Chain FORWARD (policy ACCEPT)
target        prot opt source          destination

Chain OUTPUT (policy ACCEPT)
target        prot opt source          destination

Chain fail2ban-ssh (1 references)
target        prot opt source          destination
DROP          all  --  xxxx            anywhere
RETURN        all  --  anywhere        anywhere

Chain trafficfilter (0 references)
target        prot opt source          destination

iptables before:

Chain INPUT (policy ACCEPT)
target            prot opt source          destination
fail2ban-ssh      tcp  --  anywhere        anywhere        multiport dports ssh

Chain FORWARD (policy ACCEPT)
target            prot opt source          destination
DOCKER-USER       all  --  anywhere        anywhere
DOCKER-ISOLATION  all  --  anywhere        anywhere
ACCEPT            all  --  anywhere        anywhere        ctstate RELATED,ESTABLISHED
DOCKER            all  --  anywhere        anywhere
ACCEPT            all  --  anywhere        anywhere
ACCEPT            all  --  anywhere        anywhere

Chain OUTPUT (policy ACCEPT)
target            prot opt source          destination

Chain DOCKER (1 references)
target            prot opt source          destination

Chain DOCKER-ISOLATION (1 references)
target            prot opt source          destination
RETURN            all  --  anywhere        anywhere

Chain DOCKER-USER (1 references)
target            prot opt source          destination
RETURN            all  --  anywhere        anywhere

Chain fail2ban-ssh (1 references)
target            prot opt source          destination
DROP              all  --  113.100.50.1    anywhere
DROP              all  --  200.77.191.71   anywhere
RETURN            all  --  anywhere        anywhere

Chain trafficfilter (0 references)
target            prot opt source          destination

As you can see, there are chains like DOCKER-USER, ISOLATION and a few others. It works for 1-10 min, but after that, the rules are gone.

OK, I found it. I just did a service docker restart, and after that I just saved the correct iptables to the persistent rule.v4 file.

It works perfectly now!
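
A check for the situation in this thread, added here as an example and not part of the original posts: it reads a saved rule set in iptables-save format (assumed to be the format of the persisted file mentioned above) and reports whether the Docker chains from the "before" listing are declared and hooked into FORWARD. The function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Chains the "before" listing shows hooked into FORWARD.
DOCKER_CHAINS="DOCKER-USER DOCKER-ISOLATION DOCKER"

# Read an iptables-save style rule set ("-" = stdin), print one line per
# problem in the *filter table, and return 1 if any problem was found.
check_docker_chains() {
    awk -v want="$DOCKER_CHAINS" '
        /^\*/      { in_filter = ($0 == "*filter"); next }
        !in_filter { next }
        /^:/       { declared[substr($1, 2)] = 1; next }
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if ($i == "-j") jumped[$(i + 1)] = 1
        }
        END {
            n = split(want, chain, " ")
            for (i = 1; i <= n; i++) {
                if (!(chain[i] in declared)) {
                    print "missing chain: " chain[i]; bad = 1
                } else if (!(chain[i] in jumped)) {
                    print "not referenced from FORWARD: " chain[i]; bad = 1
                }
            }
            exit bad + 0
        }' "${1:--}"
}

# Constructed sample: a saved file matching the "after" listing (no Docker chains).
stale_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':fail2ban-ssh - [0:0]' ':trafficfilter - [0:0]' \
        '-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh' \
        '-A fail2ban-ssh -j RETURN' 'COMMIT'
}

# Constructed sample: the same rules saved while the Docker chains exist.
fresh_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':DOCKER - [0:0]' ':DOCKER-ISOLATION - [0:0]' \
        ':DOCKER-USER - [0:0]' ':fail2ban-ssh - [0:0]' ':trafficfilter - [0:0]' \
        '-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh' \
        '-A FORWARD -j DOCKER-USER' '-A FORWARD -j DOCKER-ISOLATION' \
        '-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -j DOCKER' '-A DOCKER-ISOLATION -j RETURN' \
        '-A DOCKER-USER -j RETURN' '-A fail2ban-ssh -j RETURN' 'COMMIT'
}
stale_rules | check_docker_chains - || echo "stale file: Docker chains absent"
fresh_rules | check_docker_chains - && echo "fresh file: Docker chains present"
```

On a live host the same function can read the running rule set with `iptables-save | check_docker_chains -`.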