Struct dfw::types::ContainerToContainer

pub struct ContainerToContainer {
    pub default_policy: ChainPolicy,
    pub rules: Option<Vec<ContainerToContainerRule>>,
}

The container-to-container section, defining how containers can communicate amongst each other.

Fields

default_policy: ChainPolicy

The default_policy defines the default for when there is not a specific rule.

Filtering traffic within the same bridge

Depending on how your host is configured, traffic whose origin and destination interface are the same bridge is not filtered by the kernel netfilter module. This means that this default policy is not honored for traffic between containers that are on the same Docker network, but only for traffic that traverses two bridges.

If your kernel has the br_netfilter kernel-module available, you can set the sysctl net.bridge.bridge-nf-call-iptables to 1 to have the netfilter-module act on traffic within the same bridge, too. You can set this value temporarily like this:

sysctl net.bridge.bridge-nf-call-iptables=1

To permanently set this configuration, take a look at man sysctl.d and man sysctl.conf.

rules: Option<Vec<ContainerToContainerRule>>

An optional list of rules, see ContainerToContainerRule.

Example

The easiest way to define the rules is using TOMLs arrays of tables:

[container_to_container]
default_policy = "drop"

[[container_to_container.rules]]
# first rule here
[[container_to_container.rules]]
# second rule here

Trait Implementations

impl Clone for ContainerToContainer

fn clone(&self) -> ContainerToContainer

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ContainerToContainer

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for ContainerToContainer

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Eq for ContainerToContainer

impl Hash for ContainerToContainer

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H) where
    H: Hasher, 

Feeds a slice of this type into the given Hasher.

impl PartialEq<ContainerToContainer> for ContainerToContainer

fn eq(&self, other: &ContainerToContainer) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &ContainerToContainer) -> bool

This method tests for !=.

impl Process<Iptables> for ContainerToContainer

fn process(
    &self,
    ctx: &ProcessContext<'_, Iptables>
) -> Result<Option<Vec<IptablesRule>>>

Process the current type within the given ProcessContext, returning zero or more rules to apply with nft.

impl Process<Nftables> for ContainerToContainer

fn process(
    &self,
    ctx: &ProcessContext<'_, Nftables>
) -> Result<Option<Vec<String>>>

Process the current type within the given ProcessContext, returning zero or more rules to apply with nft.

impl StructuralEq for ContainerToContainer

impl StructuralPartialEq for ContainerToContainer