iptables chain DOCKER-USER for nat/POSTROUTING #40544
Labels: area/networking, kind/enhancement, kind/feature
Currently we have the DOCKER-USER iptables chain, but this helps with managing only the filter/FORWARD chain, while there are other chains modified by docker.
E.g. I'm running docker on a router, and I have several records of my own in the nat/POSTROUTING chain with -j MASQUERADE and -j SNAT. Docker currently adds its own rules both before and after my own rules, which makes updating my own rules inconvenient and often results in the need to restart the docker daemon after updating firewall rules.
I propose to add custom chains like DOCKER-USER also to nat/POSTROUTING, and probably to all other chains modified by docker (just in case, to solve this once and for all).