crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansible/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2

5 lines
350 B
Django/Jinja
Raw Permalink Blame History

[Service]
# Allow domain resolution, don't use adm network for anything else
ExecStartPost=/bin/sh -c "/usr/sbin/iptables -I FORWARD 1 -i docker0 -d 172.16.10.128/32 -p udp --dport 53 -j ACCEPT; /usr/sbin/iptables -I FORWARD 2 -d 172.16.0.0/16 -i docker0 -j REJECT --reject-with icmp-port-unreachable"
ExecStopPost=/usr/sbin/iptables --flush FORWARD
Reference in New Issue View Git Blame Copy Permalink