We are using BYON (Bring your own node) and we would like to set up the firewall on the node to limit docker access (port 2375 and 6783/tcp and 6783/udp) to just Docker Cloud. What should we use as source IP address range?
Here is the documentation on opening ports:
Before you begin, make sure that ports 6783/tcp and 6783/udp are open on the target host. Optionally, open port 2375/tcp too.
The first two ports allow the node to join the overlay network that allows service discovery among nodes on a Docker Cloud account. Port 2375 allows Docker Cloud to contact the Docker daemon on the host directly using TLS mutual authentication. If this port is not open, Docker Cloud sets up a reverse tunnel from the host to access this port.
So it looks like port 2375 is optional. Is 6783 outbound from the node or inbound? It looks like it is just outbound.
What did you end up doing? I am trying to find the same kind of info. I don't want to just blindly open these ports up without knowing all the details of how Docker Cloud will block any unwanted connection attempts. I use iptables and was wondering if there was a certain range of IPs that should be allowed for the port forwards.
Found a list of IPs used by Docker Cloud here:
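An iptables ruleset of the kind asked about in this thread, as an added example that is not part of any post above: it generates (rather than applies) the rules that restrict inbound 2375/tcp, 6783/tcp and 6783/udp to an explicit source list, so the output can be reviewed before it is run as root. The chain name DOCKER_CLOUD and the CIDRs in the usage line are placeholders chosen for the example, not Docker Cloud's addresses; substitute the published list. Two caveats follow from the documentation quoted above: 6783 is how the other nodes in the account reach this node over the overlay network, so their addresses belong in the list too, and the reverse tunnel used when 2375 is closed is outbound from the node, so these inbound rules do not affect it.

```shell
#!/bin/sh
# Added example, not from the original thread or from Docker Cloud.
# Prints iptables commands that allow 2375/tcp, 6783/tcp and 6783/udp
# only from the given source CIDRs and drop everything else aimed at
# those ports. Review the output, then run it as root.
#
# Usage: gen_docker_cloud_rules "198.51.100.0/24 203.0.113.0/24"
# (the two CIDRs are documentation placeholders, not Docker Cloud ranges)

gen_docker_cloud_rules() {
    cidrs="$1"
    chain="DOCKER_CLOUD"   # placeholder chain name chosen for this example

    if [ -z "$cidrs" ]; then
        echo "gen_docker_cloud_rules: need at least one source CIDR" >&2
        return 1
    fi

    # Create the chain, or flush it if it already exists, so re-running
    # the output does not append duplicate rules.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"

    # One ACCEPT per (source, port, protocol). Docker Cloud's published
    # addresses and the account's other nodes (overlay peers on 6783)
    # all belong in the list.
    for cidr in $cidrs; do
        echo "iptables -A $chain -s $cidr -p tcp --dport 2375 -j ACCEPT"
        echo "iptables -A $chain -s $cidr -p tcp --dport 6783 -j ACCEPT"
        echo "iptables -A $chain -s $cidr -p udp --dport 6783 -j ACCEPT"
    done

    # Any other source hitting these ports is dropped. Only these
    # destination ports are sent to the chain, so the node's outbound
    # connections (including the reverse tunnel) are untouched.
    echo "iptables -A $chain -p tcp -m multiport --dports 2375,6783 -j DROP"
    echo "iptables -A $chain -p udp --dport 6783 -j DROP"

    # Insert the jump at the top of INPUT so it wins over any broad
    # ACCEPT rule that may already be present.
    echo "iptables -I INPUT -p tcp -m multiport --dports 2375,6783 -j $chain"
    echo "iptables -I INPUT -p udp --dport 6783 -j $chain"
}
```

Pipe the output into `sh` only after checking it; if 2375 is left closed, the DROP for that port still does no harm and the node will fall back to the reverse tunnel the documentation describes.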