Hi folks. I've been asking this everywhere and not getting any responses, and so this is my last hope.
I want to use iptables to match based on UID for running container, and I’m using DSCP tagging for this (and I have configured the container to run as the user). But I’m afraid I don’t know ip tables all that well, and understand what docker does to iptables even less. I hope someone can help.
This is what I was doing before using docker to DSCP tag my application by running user: sudo iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner transmission -j DSCP --set-dscp 0x10
I’m afraid now I don’t know how to replicate this functionality.
Indeed, processes running under user “transmission” that are not running in docker do indeed get tagged properly.
3 posts • Page 1 of 1
Probably not the best solution but if you have “iptables: false” in daemon.json, the docker engine will not attempt altering the existing ruleset in any way.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel
Thanks for the suggestion. I do want to continue to have docker to manage it's communications because well, I'm not sure what evils accrue if I don't, heh. But really I'd rather stay standard and just figure out which table/chain I could use to tag the traffic. You'd be surprised how many placesI have asked, and it's almost like, barely anyone knows enough about iptables to really know how it works, but moreso just about how to navigate how it's usually set up. :/