Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[117.121.x.99]:40033' (RSA) to the list of known hosts.
root@117.121.x.99's password:
Last login: Thu Mar 12 11:04:04 2015 from 211.151.20.221
root@7c31bbfe0091:~
11:04:57 # ifconfig
eth1 Link encap:Ethernet HWaddr 66:17:20:C3:4E:21
inet addr:172.16.1.2 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::6417:20ff:fec3:4e21/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:606 errors:0 dropped:2 overruns:0 frame:0
TX packets:411 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:52692 (51.4 KiB) TX bytes:45451 (44.3 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
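可以看到,通过设置的外网ip可以正常登录到test1的容器里。需要注意,端口40033对应的external规则Source_ip是0.0.0.0(看起来是不限制来源),而且这里是用root密码登录的,正式环境建议把来源限制到可信网段,并改用密钥登录。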
7、测试批量生效防火墙策略
目前只有test1测试了防火墙策略,现在给test2也设置一条
[root@docker-test3 code]# python modify_docker_container_firewall.py test2 -a -m internal -s 1.1.1.1/24 -pm dynamic -dp 22
{'Mode': 'internal', 'Container_name': 'test2', 'Source_port': '40034', 'Port_mode': 'dynamic', 'Local_port': '22', 'Source_ip': '0.0.0.0/0.0.0.0', 'Id': 1, 'Container_ip': '172.16.1.4/24'}
{'Mode': 'internal', 'Container_name': 'test2', 'Source_port': '40035', 'Source_ip': '0.0.0.0/0.0.0.0', 'Local_port': '22', 'Port_mode': 'dynamic', 'Id': 2, 'Container_ip': '172.16.1.4/24'}
{'Mode': 'internal', 'Container_name': 'test2', 'Source_port': '40036', 'Port_mode': 'dynamic', 'Local_port': '22', 'Source_ip': '1.1.1.1/24', 'Id': 3, 'Container_ip': '172.16.1.4/24'}
然后我再修改一下test1的规则
[root@docker-test3 code]# python modify_docker_container_firewall.py test1 -a -m internal -s 2.2.2.2/24 -pm dynamic -dp 22
{'Mode': 'internal', 'Container_name': 'test1', 'Source_port': '40030', 'Port_mode': 'dynamic', 'Local_port': '22', 'Source_ip': '1.1.1.1/24', 'Id': 1, 'Container_ip': '172.16.1.2/24'}
{'Destination_ip': '117.121.x.99', 'Mode': 'external', 'Container_name': 'test1', 'Source_port': '40033', 'Source_ip': '0.0.0.0', 'Local_port': '22', 'Port_mode': 'dynamic', 'Id': 2, 'Container_ip': '172.16.1.2/24'}
{'Mode': 'internal', 'Container_name': 'test1', 'Source_port': '40037', 'Port_mode': 'dynamic', 'Local_port': '22', 'Source_ip': '2.2.2.2/24', 'Id': 3, 'Container_ip': '172.16.1.2/24'}
之前如果想让规则动态生效,需要知道容器名;现在可以在容器名的位置输入all,这样所有已经设置的规则都会一起生效
[root@docker-test3 code]# python modify_docker_container_firewall.py all -e










