Blocking traffic between specific containers on the same bridge network

Hi! I have three containers inside a Docker bridge network. At the moment, they can all communicate with one another. I would like to block communication between two of the containers, as illustrated in the diagram below.

I thought it would be a good idea because if my Nginx container is somehow breached, an attacker would be unable to access the database without also gaining control of the backend container.

Is this advisable, and how might I go about achieving it? Thanks.

You simply create a Docker network “proxy” and a Docker network “db” and attach the corresponding services/containers to them.

For Docker security, also check the OWASP Docker Security Cheat Sheet.


I didn’t think of that! Of course, a container can be in more than one network. Thanks 🙂
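The two-network layout suggested in the answer, written as a Compose file. This is an added example, not a file posted by anyone in the thread; the service names, the images, the PostgreSQL choice and the secret file path are assumptions, and only the network names “proxy” and “db” come from the answer.

```yaml
# Added example: service names, images and the secret path are assumptions.
services:
  nginx:
    image: nginx:stable
    ports:
      - "80:80"              # the only port published to the host
    networks:
      - proxy                # shares a network with backend only

  backend:
    image: example/backend:latest   # hypothetical application image
    networks:
      - proxy                # reachable from nginx
      - db                   # can reach the database

  database:
    image: postgres:16       # assumed database; the thread does not name one
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    networks:
      - db                   # not on "proxy", so nginx has no route to it

networks:
  proxy:
  db:
    internal: true           # database network gets no external connectivity

secrets:
  db_password:
    file: ./db_password.txt  # placeholder path, created outside this file
```

With this layout, Docker's embedded DNS resolves `database` only for containers attached to `db`, so after `docker compose up -d` the command `docker compose exec nginx getent hosts database` should return nothing.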