On Wed, Jun 30, 2021 at 12:44:29PM -0000, DragonBillow Zhang wrote:
> On Wed, Jun 30, 2021 at 10:58:03AM -0000, DragonBillow Zhang wrote:
>
> Correct. However, using a loopback 127.0.0.1 doesn't make any sense
> here. The above policy applies to forwarded packets. Packets to
> 127.0.0.1 will never be forwarded.
>
>
> Are you trying to filter traffic destined to a container?
>
> Or, are you trying to filter traffic originating from a container?
No, I'm not familiar with iptables, so I don't know how to set it.
What puzzles me most is that firewalld uses nft as its backend, so why
is iptables involved in this?
Docker and Podman still use iptables.
And firewall-cmd --direct is also titled with "These options require
user to know basic iptables concepts". iptables should be disabled
already on my desktop.
Unlikely. Almost all distributions have iptables enabled.