| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # Generated by iptables-save v1.8.4 on Thu Jan 14 13:59:27 2021 |
| *filter |
| :INPUT ACCEPT [833:75929] |
| :FORWARD DROP [0:0] |
| :OUTPUT ACCEPT [794:143141] |
| :DOCKER-USER - [0:0] |
| -A FORWARD -j DOCKER-USER |
| # Dis-allow any docker container to access the metadata service |
| -A DOCKER-USER -d 169.254.169.254/32 -j REJECT --reject-with icmp-port-unreachable |
| -A DOCKER-USER -j RETURN |
| COMMIT |