Docker Community Forums

Share and learn in the Docker community.

Block private internet adresses


#1

I’m trying to have a docker image blocked from intranet access.
IP ranges are 10.0.0.0 to 10.255.255.255 and 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255
How do I block intranet access for a image either with compose or a simple dockerfile?

I can open port access to a image but how do i block it from affecting the network and host.

docker run -it alpine /bin/sh
/ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=37 time=4.574 ms
64 bytes from 192.168.1.1: seq=1 ttl=37 time=1.977 ms

I’m running Windows 10 and Ubuntu 18.10. I will post my image on github so I don’t know what the users will run.


#2

why would you want to solve a network concern inside a container?
This clearly needs to be prevented on the host level or even better on the network level.