I'm on Ubuntu 22.04 and I'm trying to understand iptables.
iptables -L (Docker-related)
Chain DOCKER (9 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.20.0.2 tcp dpt:51413
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9000
ACCEPT udp -- anywhere 172.20.0.2 udp dpt:51413
ACCEPT tcp -- anywhere 172.20.0.2 tcp dpt:9091
ACCEPT tcp -- anywhere 172.21.0.3 tcp dpt:6443
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (9 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
I have many networks, minikube and k3s on my computer. How are these rules created? Let's look at /etc/systemd/
cat cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
Is this service created by default? How does the Docker setup work?