Код:
description "docker firewall mash"
start on started docker
script
ipset create imtiredset nethash -exist
ipset add imtiredset 1.2.3.4 -exist
iptables -N TIREDAF-CHAIN 2>/dev/null || true
iptables -C DOCKER-USER -j TIREDAF-CHAIN 2>/dev/null || \
iptables -I DOCKER-USER -j TIREDAF-CHAIN
iptables -C TIREDAF-CHAIN -m set --match-set imtiredset src -j DROP 2>/dev/null || \
iptables -A TIREDAF-CHAIN -m set --match-set imtiredset src -j DROP
end script