crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansible/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2

5 lines
369 B
Django/Jinja
Raw Blame History

[Service]
# Allow domain resolution, don't use adm network for anything else
ExecStartPost=/bin/sh -c "/usr/sbin/iptables -I FORWARD 1 -i docker0 -d {{ docker.dns_network }} -p udp --dport 53 -j ACCEPT; /usr/sbin/iptables -I FORWARD 2 -d {{ docker.adm_network }} -i docker0 -j REJECT --reject-with icmp-port-unreachable"
ExecStopPost=/usr/sbin/iptables --flush FORWARD
Reference in New Issue View Git Blame Copy Permalink