How do I block Docker traffic?
Hello!
I'm completely stumped. I have a swarm, and I need to allow only a few ports for access from the outside; for example, port 5000 (repository) is definitely not allowed there, and neither are some local services. And everything would be fine, just calmly block it in INPUT and enjoy life, but everything turned out to be so fun.
The nat table has something like this:
Chain DOCKER-INGRESS (2 references)
 pkts bytes target  prot opt in  out  source     destination
    8   384 DNAT    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:8080 to:172.18.0.2:8080
19766 1303K RETURN  all  --  *   *    0.0.0.0/0  0.0.0.0/0
But I sort of figured it out; the fastest way is to write here, and ideas come immediately :) ...
Cunning DNATs and other things, plus reading the docs again. In general, you need to filter in the DOCKER-USER chain. Then it's all good :)
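
An added example, not part of the original post: a rule generator for the DOCKER-USER chain mentioned in the answer. The DNAT in the nat table runs before the filter table's FORWARD hook, so by the time a packet reaches DOCKER-USER its destination port is already the container's; the rules therefore match the published port with conntrack's `--ctorigdstport`. The interface name `eth0`, the port numbers and the function name `docker_user_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands; it does not touch the firewall itself.
# Assumptions: the first argument is the external interface (e.g. eth0) and the
# remaining arguments are the PUBLISHED (host-side) TCP ports to leave reachable.

docker_user_rules() {
    [ "$#" -ge 2 ] || { echo "usage: docker_user_rules IFACE PORT..." >&2; return 2; }
    ext_if=$1; shift

    # Interface names are restricted so the printed commands are safe to pipe to sh.
    case $ext_if in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $ext_if" >&2; return 1 ;;
    esac

    # Validate every port before emitting anything: a typo never yields a partial rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }
    done

    echo "iptables -F DOCKER-USER"
    # Replies on connections that are already tracked, including container-initiated ones.
    echo "iptables -A DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    for port in "$@"; do
        # Destination was rewritten by DNAT already, so match the original port.
        echo "iptables -A DOCKER-USER -i $ext_if -p tcp -m conntrack --ctstate NEW --ctorigdstport $port -j RETURN"
    done
    # Anything else arriving on the external interface for a container is dropped.
    echo "iptables -A DOCKER-USER -i $ext_if -j DROP"
    echo "iptables -A DOCKER-USER -j RETURN"
}

# Print the rule set only when arguments are given, e.g.: sh rules.sh eth0 8080
if [ "$#" -gt 0 ]; then
    docker_user_rules "$@"
fi
```

Review the printed commands, then run them as root; with only 8080 listed, a registry published on port 5000 stays unreachable from the external interface.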