iptables: Traffic logging
# Docker ends DOCKER-USER with "-j RETURN": rules appended with -A land behind it and never match, so insert by position.
iptables -I DOCKER-USER 1 -p tcp -m multiport --dports 80,443 -j LOG --log-level info --log-prefix="ACTION=DOCKER-ACCEPT "
iptables -I DOCKER-USER 2 -p tcp -m multiport --dports 80,443 -j ACCEPT
# NEW only: DOCKER-USER runs before FORWARD's ESTABLISHED,RELATED accept, so an unconditional DROP would also kill replies
# to connections the containers opened themselves.
iptables -I DOCKER-USER 3 -d 192.168.240.0/24 -m conntrack --ctstate NEW -j DROP -m comment --comment "Drop unsolicited"
# valid
iptables -I DOCKER-USER -i enp0s31f6 -p tcp -m multiport --dports 80,443 -j LOG --log-level info --log-prefix="ACTION=DOCKER-ACCEPT "
# incorrect (also: a name like br-9dd270203435 is derived from the Docker network ID and changes when the network is recreated; a rule keyed on a stale name simply stops matching)
iptables -I DOCKER-USER -i enp0s31f6 -o br-9dd270203435 -p tcp -m multiport --dports 80,443 -j LOG --log-level info --log-prefix="ACTION=DOCKER-ACCEPT "
# attempt: ufw-user-input holds ufw's INPUT rules, whereas DOCKER-USER sits on the FORWARD path; the ufw chain for forwarded (route) rules is ufw-user-forward
iptables -I DOCKER-USER -i enp0s31f6 -j ufw-user-input -m comment --comment "Inbound traffic handled by UFW"
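The DOCKER-USER rule set from the iptables variant above, together with a reader for the kernel log lines the LOG target produces, as an added example that is not part of the original notes. It assumes the interface enp0s31f6, the network 192.168.240.0/24 and the prefix ACTION=DOCKER-ACCEPT from the notes; the kernel log sample is constructed to follow the standard netfilter LOG format so the parser runs offline.

```shell
#!/bin/sh
# Added example for these notes (not part of the original page).
# Assumptions, labelled: the external interface enp0s31f6, the Docker network
# 192.168.240.0/24 and the log prefix come from the notes; the kernel log lines
# below are constructed to follow the netfilter LOG target format.
set -eu

WAN_IF="${WAN_IF:-enp0s31f6}"                 # from the notes
DOCKER_NET="${DOCKER_NET:-192.168.240.0/24}"  # from the notes
LOG_PREFIX="ACTION=DOCKER-ACCEPT "            # the LOG target caps prefixes at 29 chars

# Print the DOCKER-USER rules in evaluation order, inserted at explicit
# positions (-I DOCKER-USER N) so they stay ahead of Docker's trailing
# "-j RETURN"; rules appended with -A land behind it and never match.
# The LOG rule matches NEW connections only, otherwise every packet of every
# connection is logged. The DROP is also NEW-only: DOCKER-USER runs before
# FORWARD's ESTABLISHED,RELATED accept, so an unconditional DROP towards the
# container network would drop replies to connections the containers opened.
# Not idempotent: check "iptables -S DOCKER-USER" before running the output as root.
docker_user_rules() {
    cat <<EOF
iptables -I DOCKER-USER 1 -i $WAN_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j LOG --log-level info --log-prefix "$LOG_PREFIX"
iptables -I DOCKER-USER 2 -i $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I DOCKER-USER 3 -i $WAN_IF -d $DOCKER_NET -m conntrack --ctstate NEW -j DROP -m comment --comment "Drop unsolicited"
EOF
}

# Read kernel log text on stdin, keep only lines carrying our prefix and print
# one "SRC DST DPT" triple per line. DST is the container address, since the
# DNAT for published ports has already happened when FORWARD is evaluated.
parse_docker_log() {
    awk -v prefix="${LOG_PREFIX% }" '
        index($0, prefix) == 0 { next }
        {
            src = dst = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") print src, dst, dpt
        }'
}

# Count logged (i.e. accepted) new connections per source address and
# destination port; output is "COUNT SRC DPT", highest count first.
summarize_docker_log() {
    parse_docker_log | awk '{ n[$1 " " $3]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample: three accepted web connections and one unrelated UFW line
# (addresses from the documentation ranges; MAC field is a placeholder value).
SAMPLE_KERNEL_LOG='Jan 12 10:15:03 host kernel: [12345.678901] ACTION=DOCKER-ACCEPT IN=enp0s31f6 OUT=br-9dd270203435 MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.168.240.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 12 10:15:04 host kernel: [12346.112233] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:15:05 host kernel: [12347.445566] ACTION=DOCKER-ACCEPT IN=enp0s31f6 OUT=br-9dd270203435 MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.168.240.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=22 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 12 10:15:09 host kernel: [12351.778899] ACTION=DOCKER-ACCEPT IN=enp0s31f6 OUT=br-9dd270203435 MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.168.240.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0'

# Stand-alone run: show the rules, then the summary of the constructed sample.
docker_user_rules
printf '%s\n' "$SAMPLE_KERNEL_LOG" | summarize_docker_log
```

On a live host the summary runs over the real kernel log with `journalctl -k --no-pager | summarize_docker_log`, and `iptables -S DOCKER-USER` should show the three rules before Docker's RETURN. For the ufw route variant the equivalent ordering check is `ufw status numbered`.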
# valid if ufw-user-forward is added to DOCKER-USER (e.g. iptables -I DOCKER-USER -j ufw-user-forward)
ufw route deny in on enp0s31f6 out on br-9dd270203435 log
# valid
ufw route deny in on enp0s31f6 log
# valid; ufw evaluates route rules in order, so this allow must land before the deny (verify with: ufw status numbered)
ufw route insert 2 allow in on enp0s31f6 proto tcp to any port 80,443 comment "Allow web services via Docker"
References