解读-m addrtype --dst-type LOCAL -j DOCKER

参考链接：

https://blog.csdn.net/qq_20817327/article/details/113770498

[root@master ~]# iptables -m addrtype --help
iptables v1.4.21

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)
...
Valid types:
                                UNSPEC
                                UNICAST
                                LOCAL
                                BROADCAST
                                ANYCAST
                                MULTICAST
                                BLACKHOLE
                                UNREACHABLE
                                PROHIBIT
                                THROW
                                NAT
                                XRESOLVE

-m addrtype --dst-type LOCAL -j DOCKER

其作用就是：把目标地址类型属于主机系统的本地网络地址的数据包，在数据包进入NAT表PREROUTING链时，都让它们直接jump到一个名为DOCKER的链。

posted @ 2021-09-13 14:10 salami_china 阅读(313) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

junqiang_china

解读-m addrtype --dst-type LOCAL -j DOCKER

-m addrtype --dst-type LOCAL -j DOCKER

公告