What

Make a super basic firewall for your docker container. This (extremely practical) firewall will only let egress traffic exit if it is going to neopets.com.

How

🤔 Make your own rule

  1. Make your own chain.
  2. Attach a rule to that chain that accepts traffic if it is sent to ip 23.96.35.235 (neopets!) port 80 using tcp.
  3. Attach a rule to that chain that drops all other traffic.
  4. Add a jump rule to either the OUTPUT, FORWARD, or INPUT chains so that the traffic exiting the docker container will hit your custom chain.
  5. Curl google.com. Does it fail?
  6. Curl 23.96.35.235:80. Does it succeed?
  7. Curl http://neopets.com. Does it fail or succeed? Why?
  8. Practice deleting chains and rules: delete all of the rules and chains that you created.
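An added example, not part of the original exercise, that scripts steps 1-4 and the cleanup in step 8. The chain name NEOPETS_ONLY, the choice of the OUTPUT chain and the print/apply switch are assumptions; in print mode it only shows the iptables commands so you can review them before running them as root inside the container.

```shell
#!/bin/sh
# Added example (assumed chain name and OUTPUT placement, not from the exercise).
CHAIN="NEOPETS_ONLY"
NEOPETS_IP="23.96.35.235"
MODE="${MODE:-print}"   # "print" shows each command; "apply" executes it (needs root)

# Execute the command in apply mode, otherwise print it for review.
run() {
  if [ "$MODE" = "apply" ]; then "$@"; else echo "$*"; fi
}

# Steps 1-4: create the chain, accept only tcp/80 to the neopets IP, drop
# everything else, and insert a jump at the top of OUTPUT so egress traffic
# from the container hits the custom chain before any other rule.
setup_rules() {
  run iptables -N "$CHAIN"
  run iptables -A "$CHAIN" -p tcp -d "$NEOPETS_IP" --dport 80 -j ACCEPT
  run iptables -A "$CHAIN" -j DROP
  run iptables -I OUTPUT 1 -j "$CHAIN"
}

# Check that both rules are actually present (iptables -C exits 0 if a rule exists).
verify_rules() {
  run iptables -C "$CHAIN" -p tcp -d "$NEOPETS_IP" --dport 80 -j ACCEPT &&
  run iptables -C "$CHAIN" -j DROP
}

# Step 8: remove the jump, flush the chain, then delete it. The order matters:
# iptables refuses to delete a chain that is still referenced or still has rules.
teardown_rules() {
  run iptables -D OUTPUT -j "$CHAIN"
  run iptables -F "$CHAIN"
  run iptables -X "$CHAIN"
}

# Usage: sh firewall.sh setup            (prints the commands)
#        MODE=apply sh firewall.sh setup (applies them as root)
case "${1:-}" in
  setup)    setup_rules ;;
  verify)   verify_rules ;;
  teardown) teardown_rules ;;
esac
```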

❓ Question

Why didn’t curling http://neopets.com work?

Expected Result

Hopefully you realize by now that iptables rules are very powerful and very fun :D

Extra Credit

Use iptables rules to make it so you can curl neopets.com, but not google.com.

Resources