有點標題黨嫌疑,本質上是chain鏈順序問題html
問題復現linux
$ docker run -d -p 11111:80 nginx:alpine
$ iptables -A INPUT -p tcp --dport 11111 -j DROP
$ curl -I http://localhost:11111
HTTP/1.1 200 OK
Server: nginx/1.15.1
Date: Fri, 07 Sep 2018 09:12:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 06 Jul 2018 16:50:07 GMT
Connection: keep-alive
ETag: "5b3f9dbf-264"
Accept-Ranges: bytes
複製代碼
若是各位大佬跟我同樣,對linux基礎知識不牢固,對iptables
僅僅停留在baidu
階段,會很糾結nginx
$ iptables -L INPUT -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11111
複製代碼
命名已經添加了DROP
,也已經生效了,咋就是很差使呢?docker
經過翻查docker文檔Docker and iptables發現,應該使用bash
iptables -I DOCKER-USER -p tcp --dport 11111 -j DROP
複製代碼
具體知識請自行百度curl