How do Docker's iptables rules work by default?

I am on Ubuntu 22.04 and I am trying to understand iptables.

iptables -L (Docker-related part)

Chain DOCKER (9 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:51413
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000
ACCEPT     udp  --  anywhere             172.20.0.2           udp dpt:51413
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:9091
ACCEPT     tcp  --  anywhere             172.21.0.3           tcp dpt:6443

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (9 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere 

There are many networks on my machine, plus minikube and k3s. How are these rules created? Let's look in /etc/systemd/

cat cri-docker.service 
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

Is this service created by default? How does the Docker setup work?
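As an added example (not part of the question or of any answer), a small Python script that reads an `iptables -L` listing like the one above and turns it into a defender's summary: in Docker's default setup each ACCEPT in the DOCKER chain corresponds to a published container port (`-p`), and the DROP rules in DOCKER-ISOLATION-STAGE-2 keep separate Docker bridge networks from reaching each other. The sample listing is copied from the question.

```python
# Added example, not from the original post: parse the Docker-managed chains
# as shown by `iptables -L` and summarise what they permit and what they block.
import re

# Constructed sample: the DOCKER-related chains copied from the question.
SAMPLE = """\
Chain DOCKER (9 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:51413
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000
ACCEPT     udp  --  anywhere             172.20.0.2           udp dpt:51413
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:9091
ACCEPT     tcp  --  anywhere             172.21.0.3           tcp dpt:6443

Chain DOCKER-ISOLATION-STAGE-2 (9 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
"""

def parse_chains(listing):
    """Group `iptables -L` output into {chain: [(target, proto, src, dst, extra)]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            parts = line.split(None, 5)  # target prot opt source dest [extra]
            target, proto, _opt, src, dst = parts[:5]
            extra = parts[5].strip() if len(parts) > 5 else ""
            chains[current].append((target, proto, src, dst, extra))
    return chains

def exposed_services(chains):
    """Each ACCEPT in the DOCKER chain with source 'anywhere' is a published
    container port; returned as 'proto/container:port' strings."""
    found = []
    for target, proto, src, dst, extra in chains.get("DOCKER", []):
        m = re.search(r"dpt:(\d+)", extra)
        if target == "ACCEPT" and src == "anywhere" and m:
            found.append(f"{proto}/{dst}:{m.group(1)}")
    return found

def isolation_drops(chains):
    """Count DROP rules in DOCKER-ISOLATION-STAGE-2 (traffic between distinct
    Docker bridges); `iptables -L -v` shows which interfaces each one matches."""
    return sum(r[0] == "DROP" for r in chains.get("DOCKER-ISOLATION-STAGE-2", []))
```

Run it against the real output of `iptables -L` on the host to see which container ports Docker has opened and how many bridge-isolation rules are in place.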