Here are the rules that I don't understand (those are created automatically by docker on my ubuntu machine):
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
So we allow all traffic inside docker0 interface that is not going out of that interface and on the next line we allow all traffic that going inside docker0 AND outside docker0. Why do we need 2 separate rules, that just basically allows all traffic inside docker0 interface?
Why do we need 2 separate rules, that just basically allows all traffic inside docker0 interface? Couldn't we just do:
-A FORWARD -i docker0 -j ACCEPT