example-iptables.txt
# Generated by iptables-save v1.4.21 on Thu Mar 5 11:28:01 2015
# nat table: address-translation rules for the Docker bridge (docker0).
# Chain header lines read ":NAME POLICY [packets:bytes]"; a "-" policy marks a
# user-defined chain, which has no default policy of its own.
*nat
:PREROUTING ACCEPT [4526:5946974]
:INPUT ACCEPT [6:450]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# User-defined chain. No rules are appended to it in this dump, so the two jumps
# below fall through. Presumably Docker fills it with DNAT rules when container
# ports are published - review it on a live host to see what is exposed.
:DOCKER - [0:0]
# Incoming packets addressed to one of this host's own addresses are sent to DOCKER.
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
# Locally generated packets to a local address outside 127.0.0.0/8 are sent to DOCKER too.
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
# Traffic from 172.17.0.0/16 leaving through any interface other than docker0 is
# source-NATed to the address of the outgoing interface.
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 5 11:28:01 2015
# Generated by iptables-save v1.4.21 on Thu Mar 5 11:28:01 2015
# filter table: decides which packets are accepted or dropped. This dump covers
# IPv4 only; IPv6 filtering is a separate ruleset (ip6tables).
*filter
# INPUT defaults to ACCEPT and no INPUT rules follow, so this ruleset does not
# restrict traffic addressed to the host itself.
:INPUT ACCEPT [66:8669]
## NOTE: FORWARD defaults to ACCEPT. On a publicly reachable host you probably do
## not want the machine to act as an open router, so either change the default
## policy or implement proper filtering. The explicit ACCEPT rules below already
## cover container egress and its return traffic.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [45:8433]
# User-defined chain, empty in this dump.
:DOCKER - [0:0]
# Container-to-container traffic (in and out on docker0) is checked against DOCKER
# first; with the chain empty it falls through to the rules below.
-A FORWARD -i docker0 -o docker0 -j DOCKER
# Packets going to docker0 that belong to, or are related to, an already tracked
# connection are accepted.
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Traffic from docker0 to any other interface is accepted without restriction.
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
# Remaining container-to-container traffic on docker0 is dropped. This looks like
# Docker running with inter-container communication disabled - confirm against
# the daemon options.
-A FORWARD -i docker0 -o docker0 -j DROP
COMMIT
# Completed on Thu Mar 5 11:28:01 2015