Question

我正在努力了解docker0，brctl和iptables输出。就我而言

 brctl show
bridge name bridge id       STP enabled interfaces
br-14dbdf7dc1d9     8000.02426e6d7817   no      vethfff8921
br-170fc6acb839     8000.02424691ed89   no      
br-851c5c8e879e     8000.02425f3f323d   no      
br-8deef37223c4     8000.0242e7147127   no      
docker0     8000.0242376d4146   no      veth83dc44d
docker_gwbridge     8000.0242dac5da62   no      veth2d13cde
                            veth42b21d5
                            veth60ae776
                            vethf461630
virbr0      8000.52540048c227   yes     virbr0-nic

和iptables输出

Chain OUTPUT (policy ACCEPT 263K packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Chain DOCKER (6 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-INGRESS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED tcp spt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5001
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED tcp spt:5001
 1238 1082K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-851c5c8e879e !br-851c5c8e879e  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-170fc6acb839 !br-170fc6acb839  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-14dbdf7dc1d9 !br-14dbdf7dc1d9  0.0.0.0/0            0.0.0.0/0           
  603 36790 DOCKER-ISOLATION-STAGE-2  all  --  docker_gwbridge !docker_gwbridge  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-8deef37223c4 !br-8deef37223c4  0.0.0.0/0            0.0.0.0/0           
 1241 1083K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-851c5c8e879e  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-170fc6acb839  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-14dbdf7dc1d9  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker_gwbridge  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-8deef37223c4  0.0.0.0/0            0.0.0.0/0           
  603 36790 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1241 1083K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

DOCKER-INGRESS，DOCKER-ISOLATION-STAGE-1和DOCKER-ISOLATION-STAGE-2链分别代表什么？如果有人可以解释这个问题，那就太好了。

docker0网桥如何创建以及如何工作？

0 个答案: