I want to run iptables-like commands after every reboot. These commands are not available from the container. I tried systemd, but since /etc/systemd is read-only, I am not able to add a new service which will execute these tasks. Alternatively, is there a way to run iptables from a container?
Hi, if you run a multicontainer application, you can give a container access to the host network namespace, NETWORK_ADMIN capability and install the iptables command. Those together should enable you to run the command from a container.
Here are some links for you:
- host networking: https://docs.docker.com/network/host/
  --network=host
- kernel capabilities: https://docs.docker.com/engine/security/security/#linux-kernel-capabilities, you would need
  --cap-add=NET_ADMIN
Thanks a ton, Robert. I could install iptables using your suggestion.
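An added example, not code from either poster: an entrypoint script for a container started with the `--network=host` and `--cap-add=NET_ADMIN` options from the answer above. It applies rules idempotently, so a container restart without a host reboot does not stack duplicates. The function names, the `IPTABLES` and `APPLY_RULES` variables and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Entrypoint sketch for a container run with --network=host --cap-add=NET_ADMIN.
# Names and rules below are illustrative assumptions, not from the thread.

# Binary to call; overridable so the logic can be exercised without
# touching a real firewall (hypothetical variable name).
IPTABLES="${IPTABLES:-iptables}"

# ensure_rule CHAIN RULE-SPEC...
# `iptables -C` exits 0 when an identical rule already exists, so the
# append only happens the first time after a reboot flushes the table.
ensure_rule() {
    chain="$1"
    shift
    if "$IPTABLES" -w -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -w -A "$chain" "$@"
}

# Fail early with a clear message when the binary or the capability is
# missing, instead of half-applying a rule set.
check_net_admin() {
    if ! "$IPTABLES" -w -L -n >/dev/null 2>&1; then
        echo "cannot list rules: is iptables installed and NET_ADMIN granted?" >&2
        return 1
    fi
}

apply_rules() {
    check_net_admin || return 1
    # Constructed sample rules; replace with the rules you actually need.
    ensure_rule INPUT -i lo -j ACCEPT || return 1
    ensure_rule INPUT -p tcp --dport 23 -j DROP || return 1
}

# Touch the host firewall only when explicitly asked to.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_rules || exit 1
fi
```

Run it with `APPLY_RULES=1` as the container's start command. With host networking the rules land in the host's network namespace, and NET_ADMIN alone is a narrower grant than running the container privileged.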