Docker Community Forums

Share and learn in the Docker community.

Block incoming connections from non-localhost

(Blubber) #1

It seems that Docker forwards traffic on all ports opened inside containers on all interfaces. For instance, I have a webserver running on port 8000 inside a container, and it is reachable from the entire local network. Is there an option to make containers only reachable from localhost?

When the firewall dialog came up I denied it access, but that doesn’t help.

(Fridder) #2

So far I have noticed, that with the firewall on, privileged ports (those below 1024) are not remotely accessible. the other option is to do -p

(Blubber) #3

It seems you’re right, and it also seems that it is not a Docker for Mac problem. Reading the docker compose docs again I now see what I did wrong. Without specifying a host it just binds to whatever port on, so instead I of specifying the port as “8000:8000” I known have it listed as “” and that works.