Docker and Firewalld configuration to drop access to local networks

tiki10 · April 20, 2023, 9:26am

Hello,

I’m running Docker 20.10.22 over a Centos7.
From my containers, I can access to all my networks what i don’t want.
So I 've created rules for docker zone in firewalld but these rules have not effect.
I’m not really familiar with iptables or firewalld and I’m probably doing something wrong.
Could you help me to isolate my container ?

Regards,

Tiki

Please find the content of my docker zone :
[root@docker log]# firewall-cmd --list-all --zone=docker
docker (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: br-73346fed0b90 br-8a76a5d30015 br-f624b56e8dc8 br-fec2b59252ba docker0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family=“ipv4” destination address=“10.2.4.1/32” accept
rule family=“ipv4” destination address=“10.0.0.138/32” accept
rule family=“ipv4” destination address=“10.0.0.0/8” drop
rule family=“ipv4” destination address=“192.168.0.0/16” drop

Topic		Replies	Views
Issue / lack of comprehension about docker and iptables mechanics General	0	1223	February 14, 2019
Cannot block "exposed" ports for incoming connections - CentOs7/firewalld General	3	2238	November 1, 2018
Issues with firewalling docker using docker-user Docker Hub	0	477	September 15, 2019
Iptables with DEFAULT DROP/DENY policies and access to containers General	0	722	January 3, 2024
Seems like firewalld is not honouring rich rules, to give docker container outside connection aside from ping General	1	1315	November 22, 2021

Docker and Firewalld configuration to drop access to local networks

Related topics