How Docker interacts with conntrack?

Rui Valadas

2/25/24, 10:49 PM

I am trying to understand how Docker interacts with conntrack. I created two containers (connected to docker0), pinged 4 times from one to the other, and analyzed the iptables counts. This is the result: iptables screenshot. My concern is with the first packet. It seems that it matches rules 1, 2, 4, and 6 of the FORWARD chain. However, none of these rules seem to call conntrack, although this is needed for the subsequent packets to match rule 3. My only guess is that the DOCKER chain calls conntrack. Is this correct? Is there a tool to analyze when conntrack is contacted?

211

0 + 1

iptables

conntrack

docker

larsks

2/26/24, 2:29 PM

Please don't post pictures of text (or links to pictures of text). Including the information necessary to understand your question *in your question*, formatted as a code sample.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How Docker interacts with conntrack?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.