
Hi, I am trying to run ebtables within Docker; however, none of the ebtables rules are being hit.

For example, note that the counters are not increased even though ARP is sent and succeeds:

[root@injector /]# ebtables -A OUTPUT -p ARP -j ACCEPT
[root@injector /]# ebtables -Lc --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0
[root@injector /]# ping 192.168.5.201
PING 192.168.5.201 (192.168.5.201) 56(84) bytes of data.
64 bytes from 192.168.5.201: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from 192.168.5.201: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 192.168.5.201: icmp_seq=3 ttl=64 time=0.137 ms
^C
--- 192.168.5.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2065ms
rtt min/avg/max/mdev = 0.071/0.116/0.141/0.033 ms
[root@injector /]# ebtables -Lc --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0

The Docker container is run via Compose with the following permissions:

privileged: true
cap_add: 
  - NET_ADMIN
  - ALL
volumes:
  - /dev:/dev

The same thing in the host root namespace works fine:

➜  ~ sudo ebtables -A OUTPUT -p ARP -j ACCEPT
➜  ~ sudo ebtables -Lc --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0
➜  ~ ping 192.168.5.201
PING 192.168.5.201 (192.168.5.201) 56(84) bytes of data.
64 bytes from 192.168.5.201: icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from 192.168.5.201: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 192.168.5.201: icmp_seq=3 ttl=64 time=0.030 ms
^C
--- 192.168.5.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2058ms
rtt min/avg/max/mdev = 0.030/0.052/0.087/0.025 ms
➜  ~ sudo ebtables -Lc --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 4 -- bcnt = 112
➜  ~

The Docker image is based on almalinux:8.5.

Boris

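Added diagnostic for the question above (an editor's example; it is not the poster's code and not an answer posted on the page). The script parses the `ebtables -L --Lc` listing format shown in the question and reports the packet-counter delta for a chain between two listings, so the "is the rule being hit" check can be scripted rather than read off by eye. Its live mode repeats the question's add-rule / ping / compare steps and also counts bridge devices in the current network namespace: the bridge-layer OUTPUT hook that ebtables rules attach to only sees frames transmitted through a bridge device, and a container's network namespace normally holds only a veth while docker0 lives in the host namespace, so that count is the first thing worth comparing between the two environments. The sample listings embedded in the script are constructed from the question's own container and host output; `live_check`, the `--live` flag and the target address are assumptions of this example, and the live mode needs root plus a working ebtables and iproute2.

```shell
#!/bin/sh
# Added diagnostic for the ebtables-in-Docker question above (editor's example,
# not the poster's code). Parses the "ebtables -L --Lc" listing format shown in
# the question and reports whether a chain's packet counters moved between two
# listings, plus a live mode that runs the same add-rule / ping / compare steps.

# Sum the pcnt values of all rules in CHAIN from a listing read on stdin.
# Chain headers look like "Bridge chain: OUTPUT, entries: 1, policy: ACCEPT"
# and rule lines end in ", pcnt = N -- bcnt = M". Prints 0 for an empty chain.
chain_pcnt() {
    awk -v chain="$1" '
        /^Bridge chain:/ { cur = $3; sub(/,$/, "", cur); next }
        cur == chain && /pcnt = / {
            for (i = 1; i <= NF - 2; i++) if ($i == "pcnt") sum += $(i + 2)
        }
        END { print sum + 0 }'
}

# Print the pcnt delta for CHAIN between a BEFORE and an AFTER listing.
pcnt_delta() {
    chain=$1; before=$2; after=$3
    b=$(printf '%s\n' "$before" | chain_pcnt "$chain")
    a=$(printf '%s\n' "$after" | chain_pcnt "$chain")
    echo $((a - b))
}

# Live mode (assumed helper; needs root and ebtables): add the ARP ACCEPT rule
# from the question, ping TARGET, compare OUTPUT counters, remove the rule
# again, and count bridge devices in this network namespace. The bridge-layer
# OUTPUT hook only sees frames transmitted through a bridge device; a container
# netns usually holds only a veth, while docker0 lives in the host netns.
live_check() {
    target=$1
    ebtables -A OUTPUT -p ARP -j ACCEPT
    before=$(ebtables -L --Lc)
    ping -c 3 "$target" >/dev/null
    after=$(ebtables -L --Lc)
    ebtables -D OUTPUT -p ARP -j ACCEPT
    echo "OUTPUT pcnt delta after ping: $(pcnt_delta OUTPUT "$before" "$after")"
    echo "bridge devices in this netns: $(ip -o link show type bridge | wc -l)"
}

# Constructed sample listings, taken from the question's container and host runs.
LISTING_HEAD='Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT'
CONTAINER_BEFORE="$LISTING_HEAD
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0"
CONTAINER_AFTER=$CONTAINER_BEFORE
HOST_BEFORE=$CONTAINER_BEFORE
HOST_AFTER="$LISTING_HEAD
-p ARP -j ACCEPT , pcnt = 4 -- bcnt = 112"

# Offline demo on the constructed samples; pass "--live TARGET" for a real run.
if [ "${1:-}" = "--live" ]; then
    live_check "$2"
else
    echo "container OUTPUT delta: $(pcnt_delta OUTPUT "$CONTAINER_BEFORE" "$CONTAINER_AFTER")"
    echo "host OUTPUT delta:      $(pcnt_delta OUTPUT "$HOST_BEFORE" "$HOST_AFTER")"
fi
```

Run it once inside the container and once on the host with `--live 192.168.5.201`: a delta of 0 together with zero bridge devices in the container namespace, against a positive delta and at least one bridge on the host, reproduces the question's two runs and shows that the rule itself is fine but the namespace it was installed in has no bridge for the OUTPUT hook to fire on.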