CentOS7 Simple configuration of Docker firewall
Disable firewalld service
systemctl disable firewalld
systemctl stop firewalld
Install iptables firewall service
yum install iptables-services
Create iptables configuration script
cat >> /usr/local/bin/fired.sh <<'EOF'
#!/bin/bash
# Flush and reset the filter table, then set default policies
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Loopback and already-established connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ICMP echo requests (ping)
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j ACCEPT
# Optional rate limiting / owner matching (disabled)
#iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 50 -j DROP
#iptables -A OUTPUT -o eth0 -m owner --uid-owner vivek -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# Drop new connections from privileged source ports to privileged destination ports
iptables -A INPUT -i eth0 -p tcp --sport 1:1023 --dport 1:1023 --syn -j DROP
# Services exposed to the outside: SSH, HTTP, Docker remote API (2376, TLS) and MySQL.
# 2376 and 3306 are reachable from any source with these rules; restrict them
# with -s <trusted network> if the daemon or database should not be public.
iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p tcp --dport 2376 --sport 1024:65534 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 --sport 1024:65534 -j ACCEPT
# OpenVPN Configuration
# iptables -A POSTROUTING -t nat -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# iptables -A FORWARD -i tun+ -j ACCEPT
# iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p TCP -i eth0 --dport 10173 --sport 1024:65534 -j ACCEPT
# iptables -A INPUT -p UDP -i eth0 --dport 10173 --sport 1024:65534 -j ACCEPT
EOF
chmod +x /usr/local/bin/fired.sh
Add to boot item
cat >> /etc/rc.d/rc.local <<EOF
# Firewall & Docker
/usr/bin/systemctl start iptables.service
/usr/local/bin/fired.sh
/usr/bin/systemctl start docker
EOF
chmod +x /etc/rc.d/rc.local
Disable the related services at startup
# Note: Docker will automatically add some
systemctl disable iptables.service
systemctl disable docker
Some pitfalls of Docker on CentOS7
When installing mysql in Docker on CentOS, it reports chown: /var/lib/mysql permission denied; method 1 below can be used to solve it.
When a data volume is mounted on CentOS and accessed from inside the container, a permission denied error is reported; method 1 below can be used to solve it.
1. SELinux security policy forbids some permissions, so mysql and mariadb fail when /var/lib/mysql is mounted. When the container is run, the following is displayed:
[root@localhost mariadb]# docker run -d -v ~/mariadb/data/:/var/lib/mysql -v ~/mariadb/config/:/etc/mysql/conf.d -e MYSQL_ROOT_PASSWORD='123456' test01/mariadb
19c4aa113c610f53f9720ee806e3c918dd18d21dff75c043bdd6db60011a135d
[root@localhost mariadb]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
19c4aa113c61        test01/mariadb      "docker-entrypoint.sh"   4 seconds ago       Exited (1) 1 seconds ago                       desperate_kelle
Checking the container with the docker logs command shows the message: chown: changing ownership of '/var/lib/mysql/': Permission denied
So, there are three solutions to solve the problem:
2. Sometimes, when starting a container with port mapping, the following prompt may appear:
iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 52080 -j DNAT --to-destination 192.168.20.22:52080 ! -i docker0: iptables: No chain/target/match by that name
Searching for this turned up no explanation. The article at http://www.lxy520.net/2015/09/24/centos-7-docker-qi-dong-bao/ says to modify the iptables file, but on CentOS7 that file may not exist at all, or the iptables service may not be installed. After the host machine was restarted the problem went away; in the meantime the firewall-cmd command was used to query and stop the firewall.
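The "No chain/target/match by that name" error above means a chain that dockerd created is gone (the fired.sh script's iptables -F / -X removes user chains in the filter table, and an iptables service restart flushes the nat table too). The check below is an added example, not code from the original article: it scans an iptables-save dump for the chains Docker is assumed to create at daemon start (DOCKER in nat, DOCKER and DOCKER-USER in filter) and reports which are missing, using a constructed sample dump.

```shell
#!/bin/bash
# Added example: verify that Docker's iptables chains still exist after a
# firewall script has run. Chain names are assumed from Docker's defaults.
DOCKER_CHAINS="nat:DOCKER filter:DOCKER filter:DOCKER-USER"

# check_docker_chains DUMP
# DUMP is iptables-save text. Prints "MISSING table:chain" for each absent
# chain; returns 0 when all are present, 1 otherwise.
check_docker_chains() {
    local dump=$1 rc=0 pair table chain
    for pair in $DOCKER_CHAINS; do
        table=${pair%%:*}
        chain=${pair#*:}
        # iptables-save starts a table with "*table" and declares each chain
        # as ":CHAIN POLICY [pkts:bytes]" until the table's "COMMIT".
        if ! printf '%s\n' "$dump" | awk -v t="*$table" -v c=":$chain" '
            $1 == t        { in_t = 1; next }
            $1 == "COMMIT" { in_t = 0 }
            in_t && $1 == c { found = 1 }
            END { if (found) exit 0; exit 1 }'; then
            echo "MISSING $table:$chain"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real capture): the filter table was flushed and
# its user chains deleted, as fired.sh does, so only nat's DOCKER chain remains.
SAMPLE_AFTER_FLUSH='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# On a live host: check_docker_chains "$(iptables-save)"
check_docker_chains "$SAMPLE_AFTER_FLUSH" || echo "restart docker to recreate the missing chains"
```

Restarting the docker service recreates the chains, which is why rc.local above starts docker only after fired.sh has run.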