diff options
| author | Gerard Ryan <G.M0N3Y.2503@gmail.com> | 2021-02-20 17:32:31 +1000 |
|---|---|---|
| committer | Gerard Ryan <G.M0N3Y.2503@gmail.com> | 2021-02-21 11:01:38 +1000 |
| commit | 774a0e8be05b9f8e3a1a1220a3b8bea1f07fba61 (patch) | |
| tree | 18557be2b22f047dbf7c5fd86e5463b4bffc9791 /utils/dockerd/files | |
| parent | f4cc4c0c70d40d2188ecdc7db3ddf17f77aeb11d (diff) | |
dockerd: Made blocked_interfaces ip rule REJECT
* Changed from DROP to REJECT to be consistant with other firewall rules
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Diffstat (limited to 'utils/dockerd/files')
| -rwxr-xr-x | utils/dockerd/files/dockerd.init | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/utils/dockerd/files/dockerd.init b/utils/dockerd/files/dockerd.init index 1eaed6710..1ad2b62ea 100755 --- a/utils/dockerd/files/dockerd.init +++ b/utils/dockerd/files/dockerd.init @@ -208,9 +208,9 @@ iptables_add_blocking_rule() { # Ignore errors as it might already be present iptables --table filter --new DOCKER-USER 2>/dev/null - if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then + if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump REJECT 2>/dev/null; then logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}" - iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP + iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump REJECT fi } |