docker 一些提示

To detach from the container1 container and leave it running, use the keyboard sequence CTRL-p CTRL-q

场景：centos7.3.1611上，docker版本Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)

连个容器A,B连接在缺省的docker0 bridge网络上，A 通过publish port方式将80映射到主机的8080上。此时从主机外部访问主机host的IP:8080端口是正常（docker自动添加了相关iptable 放行规则），此时从容器B 访问 hostip:8080则提示被拒绝。原因是：

[root@docker1 ~]# iptables -t filter -nL INPUT -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
92663   66M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    8   620 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
27334   15M INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
27334   15M INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
27334   15M INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   28  1276 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
27285   15M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited