Possible to allow access around docker isolation via iptables?


nerv


Hey folks, I was wondering if it's possible to allow some access around Docker isolation? I created a WireGuard tunnel for Docker which works great, except I can't access the dockers unless the source IP is on my main network (the one Unraid runs on) or the Docker WireGuard network. It looks like this is caused by the iptables rules below, but adding rules to allow access to the WireGuard subnet doesn't seem to work (or I'm doing it wrong).

 

I inserted the first two rules below to try and allow traffic in/out of 172.31.201.7, but no dice. Is this possible to accomplish?

 

-A DOCKER-ISOLATION-STAGE-1 -i 172.31.201.7 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -d 172.31.201.7/32 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-baf8ebd07571 ! -o br-baf8ebd07571 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-3df3529e5e0f ! -o br-3df3529e5e0f -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-baf8ebd07571 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-3df3529e5e0f -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
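Added example (not from the poster, and not Unraid's or Docker's own tooling): a small POSIX sh script that puts the allow rules into the DOCKER-USER chain instead of DOCKER-ISOLATION-STAGE-1. Docker documents DOCKER-USER as the filter-table chain reserved for user rules; the FORWARD chain jumps to it before DOCKER-ISOLATION-STAGE-1, so an ACCEPT there is final and the isolation chains never see the packet, and Docker rewrites its own DOCKER-* chains while leaving DOCKER-USER to the administrator. The 172.31.201.7/32 default and the three bridge names come from the rules in the post; that the tunnel endpoint is a single address on a Docker network (so /32 is enough) is an assumption, as is iptables being the active firewall on the host. The `docker_user_rules` function only generates rule specs; `apply_rules` is the only thing that touches iptables, and it checks with `iptables -C` first so re-running the script is safe.

```shell
#!/bin/sh
# Added example: allow a WireGuard-side address or subnet to reach containers on
# Docker's bridges via the DOCKER-USER chain. Not the poster's code.
#
# Assumptions (hypothetical; adjust to your host):
#   WG_SUBNET - address/subnet on the WireGuard side of the tunnel. The post
#               names 172.31.201.7; widen to the peer subnet if the tunnel does
#               not NAT peers behind that address.
#   BRIDGES   - Docker bridge interfaces, copied from the post's isolation rules.
#
# Usage:  sh docker-user-wg.sh show    # print the iptables commands only
#         sh docker-user-wg.sh apply   # insert the rules (needs root)
# iptables rules do not survive a reboot on their own; re-run "apply" at boot.

WG_SUBNET="${WG_SUBNET:-172.31.201.7/32}"
BRIDGES="${BRIDGES:-docker0 br-baf8ebd07571 br-3df3529e5e0f}"

# Emit one iptables rule spec per line for the given subnet and bridges.
# Output only; nothing is applied here. Every rule is inserted at the top of
# DOCKER-USER because Docker ends that chain with "-j RETURN", so an appended
# rule would sit after the RETURN and never match.
docker_user_rules() {
    subnet="$1"
    shift
    # Reply traffic first, so established flows are never re-evaluated.
    echo "-I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for br in "$@"; do
        # Tunnel side -> containers on this bridge.
        echo "-I DOCKER-USER -s $subnet -o $br -j ACCEPT"
        # Containers on this bridge -> tunnel side.
        echo "-I DOCKER-USER -i $br -d $subnet -j ACCEPT"
    done
}

# Insert each rule unless an identical one already exists (iptables -C).
apply_rules() {
    docker_user_rules "$@" | while IFS= read -r rule; do
        spec="${rule#-I DOCKER-USER }"
        # shellcheck disable=SC2086  # spec is meant to be word-split
        if iptables -C DOCKER-USER $spec 2>/dev/null; then
            echo "exists: $spec"
        else
            iptables $rule && echo "added:  $spec"
        fi
    done
}

case "${1:-}" in
    apply) apply_rules "$WG_SUBNET" $BRIDGES ;;
    show)  docker_user_rules "$WG_SUBNET" $BRIDGES | sed 's/^/iptables /' ;;
esac
```

After applying, `iptables -L DOCKER-USER -n --line-numbers` should list the ACCEPT rules above the RETURN; if the WireGuard container itself sits on one of the br-* networks, the `-s`/`-d` rules are what lets its traffic cross into docker0 and the other bridge, which is exactly what DOCKER-ISOLATION-STAGE-2 was dropping.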

 
