Question

我试图在受限制的网络环境中运行docker容器（一个端口打开到Internet）。我读到我可以在主机系统上添加一些iptables规则，但我不想影响其他容器。所以我创造了另一座桥梁＃docker1＆＃39;把iptables规则放在上面。但我不能用它作为码头工具的桥梁：

# docker network create -d bridge -b docker1 restricted
unknown shorthand flag: 'b' in -b
See 'docker network create --help'.

我试过 - 桥，改变地方和东西，什么都行不通，但我在互联网上看到了这种用法。我做错了什么以及如何绕过它？如何只为一组容器创建一个只有一个NAT到互联网端口的网络，而不是所有容器？

提前致谢！

Answer 1

除非您处于旧的群集环境中，否则无需将网络定义为网桥，bridge是单节点docker主机的默认设置。并且不需要传递桥名称，只需让Docker在后端训练名称即可。你的命令很简单：

select Horizontal  Horizontal, sum(headcount)  Headcount, 
  sum(fte)  FTE, BE, Street, City, State, Zip, Country, 
  SQ_FT, O_L, Comp_Code, Entity
FROM
    (SELECT t.Horizontal Horizontal, 
        COUNT(d.SIGNEDAU) Headcount, 
        COUNT(d.SIGNEDAU) * t.[AU Distribution to Services] FTE, 
        a.[BE #] BE, d.ADDRESSLINE1 Street, d.CITY, 
        d.STATE, d.ZIP, d.COUNTRY,  
        a.FT2 SQ_FT, a.[O/L] O_L, a.[Comp Code], a.ENTITY
     FROM dbo.HR_Data d
        join dbo.Service_Taxonomy t
            ON d.SIGNEDAU = t.[AU Code] 
        left join dbo.All_Active a 
            ON d.CITY = a.City 
               AND d.STATE = a.ST 
               AND d.ADDRESSLINE1 = a.Street
     GROUP BY d.SIGNEDAU, t.[AU Distribution to Services], 
        a.[BE #], a.FT2, a.[O/L], a.[Comp Code],
        a.ENTITY, t.[Critical Y/N], t.Horizontal, t.[Level 1], 
        d.ADDRESSLINE1, d.CITY, d.STATE, d.COUNTRY, d.ZIP, 
        d.HR_STATUS, d.EMPLOYEESTATUS
     HAVING d.HR_STATUS = N'A' and d.EMPLOYEESTATUS = N'A') sub
Group by Horizontal, FTE, BE, Street, 
   City, State, Zip, Country, SQ_FT, 
   O_L, Comp_Code, Entity

如何创建docker受限网络

1 个答案: