
I am trying to understand how Docker interacts with conntrack. I created two containers (connected to docker0), pinged 4 times from one to the other, and analyzed the iptables counts. This is the result: iptables screenshot. My concern is with the first packet. It seems that it matches rules 1, 2, 4, and 6 of the FORWARD chain. However, none of these rules seem to call conntrack, although this is needed for the subsequent packets to match rule 3. My only guess is that the DOCKER chain calls conntrack. Is this correct? Is there a tool to analyze when conntrack is contacted?

  • 1
    Please don't post pictures of text (or links to pictures of text). Include the information necessary to understand your question *in your question*, formatted as a code sample. – larsks Feb 26 '23 at 14:29

0 Answers