Docker Community Forums

Share and learn in the Docker community.

Configuring macOS Application Firewall to allow LAN access to container exposing port 80


(Edst) #1

It seems to be a known issue that if one’s running a Docker container exposing a privileged port (e.g. port 80) and has the macOS application firewall turned on, then the container cannot be accessed by other machines on the LAN.


Does anyone have any solutions to this without that don’t involve disabling the firewall?

I have tried adding vpnkit and Docker (Applications/Docker.app/Contents/MacOS/Docker) to the application firewall using socketfilterfw --add …. and socketfilterfw --unblockapp …. with no avail.

macOS version: 10.13.2
Docker for Mac version: 17.12.0-ce-mac49 (21995)


(Lephleg) #2

@edst did you find a workaround on this?
I’m also interested on how to allow incoming connections on port 80 using the native MacOS firewall.

OS Version/build: MacOS High Sierra 10.13.3 (17D102)
Docker for Mac version: Docker version 18.03.0-ce, build 0520e24


Stuck on Docker's Tutorial! Do I need root permissions to bind to a port below 1024?
(Edst) #3

I finally found a solution a few days back. It involves permitting the com.docker.vmnetd process through the application firewall:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Library/PrivilegedHelperTools/com.docker.vmnetd;

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Library/PrivilegedHelperTools/com.docker.vmnetd;

(Joha0033) #4

I’m having the same probelm and tried this solution without a fix…
What is the output supposed to be for these commands?

➜ ~ /usr/libexec/ApplicationFirewall/socketfilterfw --add /Library/PrivilegedHelperTools/com.docker.vmnetd

Application at path ( /Library/PrivilegedHelperTools/com.docker.vmnetd ) added to firewall

➜ ~ /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Library/PrivilegedHelperTools/com.docker.vmnetd

The application is not part of the firewall

STILL getting the same results… any ideas?

docker run -d -p 80:80 --name webserver nginx <-- this says connection refused in the browser

on macOS high sierra 10.13.6
docker version 18.06.1 - ce