iptables + conntrack + UDP

While UDP is connection-less, conntrack can track connections.

Connections can be checked using apt install conntrack

conntrack -L will show all connection states stores in conntrack.

iptables on Docker

Since Docker routes packets to virtual interfaces, input rules will not working as filters, use forward instead.

