Can't delete docker container's default iptables rule
It's usually easier to delete by number, unless there is a chance that the number could change between the time you listed the rules and the time you delete the rule.
Here's how to delete by line number:
# iptables -L --line-numbers
(snip)
Chain DOCKER (2 references)
num  target  prot opt source    destination
1    ACCEPT  tcp  --  anywhere  172.17.0.2   tcp dpt:http
(snip)
# iptables -D DOCKER 1
Alternatively, you can get the full specification by doing iptables -S. Example:
# iptables -S
(snip)
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
(snip)
Turn the -A into a -D and use this as the args to iptables to delete the rule:
# iptables -D DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
NOTE: This answer perplexingly still gets upvotes from time to time. I have no idea what everyone is trying to actually accomplish, I just blindly answered an iptables-related question. If you want to start a Docker container that is not accessible to the outside world, that's an entirely different topic, and this is not an appropriate answer in your case. (Maybe start by not exposing/publishing the port.)
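To put the two deletion methods from this answer side by side, here is an added Python example that is not part of the original answer and not part of iptables itself: it turns constructed `iptables -S` output into the matching `iptables -D` commands (skipping the -P and -N lines, which are not rules), and orders rule numbers so that deleting by number does not invalidate the numbers still to be deleted. The sample listing and the function names are my own.

```python
import shlex

# Constructed sample of `iptables -S` output (not captured from a real host):
# policy (-P), chain-creation (-N) and append (-A) lines, as the command prints.
SAMPLE_IPTABLES_S = """\
-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -s 10.0.0.0/8 -m comment --comment "lab host" -j DROP
"""


def delete_commands(iptables_s_output, chain=None):
    """Turn each '-A <chain> ...' line into the argv that deletes that rule.

    Only -A lines are rules; -P (policy) and -N (chain) lines are skipped,
    because 'iptables -D' would reject them. shlex keeps quoted arguments
    (e.g. -m comment --comment "lab host") as one argument, unlike str.split.
    """
    cmds = []
    for line in iptables_s_output.splitlines():
        args = shlex.split(line)
        if len(args) < 2 or args[0] != "-A":
            continue
        if chain is not None and args[1] != chain:
            continue
        cmds.append(["iptables", "-D"] + args[1:])
    return cmds


def delete_by_number_order(rule_numbers):
    """Order rule numbers for deletion by number.

    Deleting rule 1 renumbers every rule after it, so numbers taken from one
    'iptables -L --line-numbers' listing stay valid only if you delete from
    the highest number downwards.
    """
    return sorted(set(rule_numbers), reverse=True)


if __name__ == "__main__":
    for cmd in delete_commands(SAMPLE_IPTABLES_S, chain="DOCKER"):
        print(" ".join(shlex.quote(a) for a in cmd))
    print(delete_by_number_order([1, 3, 2]))
```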
This is a bit old, but in case someone else is looking for how to remove Docker completely from your iptables rules, here's how I did it. Also keep in mind this is on Debian, so your files/paths may differ.
- edit your /etc/iptables.up.rules file: back up the file, then remove everything with docker in it - there may also be a few additional lines with the local docker subnet (mine was 172.17.x and 172.19.x) - remove them all
- flush iptables:
    iptables -P INPUT ACCEPT && iptables -P OUTPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -F
- reload iptables rules:
    iptables-restore < /etc/iptables.up.rules
- verify/check your rules:
    iptables -L -n
  (should no longer have any docker chains or rules)