Docker Community Forums

Docker-compose iptables

docker

(Soroch) #1

Hi.
I created a docker-compose file that contains the following:

version: '3'
services:
  nginx:
    container_name: "nginx"
    build:
      context: "."
      dockerfile: "docker/nginx/Dockerfile"
    ports:
      - "80:80"
    depends_on:
      - web
  web:
    container_name: "web"
    build:
      context: "."
      dockerfile: "docker/web/Dockerfile"
    environment:
      - NODE_PORT=8080
      - NODE_ENV=development
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
    depends_on:
      - postgres
    command: ["bash", "/home/wait-for-it.sh", "postgres:5432", "--", "npm", "start"]
    ports:
      - 8080:8080
    volumes:
      - ./src:/home/web/src
  postgres:
    container_name: "postgres_analytic"
    image: "postgres:9.6-alpine"
    environment:
      - POSTGRES_USER=analytic
      - POSTGRES_PASSWORD=analytic
      - POSTGRES_DB=analytic
    ports:
      - 5432:5432
    volumes:
      - ./docker/postgres/data:/var/lib/postgresql/data

And I created a service based on this compose file. Its name is analytic:

[Unit]
Description=analytic
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStartPre=/usr/local/bin/docker-compose -f /home/web/analytic/development.yml down -v
ExecStartPre=/usr/local/bin/docker-compose -f /home/web/analytic/development.yml rm -v
ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "" | awk '{print $3}')'
ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
ExecStart=/usr/local/bin/docker-compose -f /home/web/analytic/development.yml up
ExecStop=/usr/local/bin/docker-compose -f /home/analytic/development.yml down -v
[Install]
WantedBy=multi-user.target

I started my service, and after that I see 3 rules in iptables in the nat table:

DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.24.0.4:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.24.0.3:8080
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.24.0.2:5432

And these rules are open to the Internet. But I don't want to open 3 ports to the Internet; I need only port 80.
I deleted 2 rules and saved iptables.
But when I restart the analytic service, I see 3 rules in iptables again.
How do I open one port to the Internet, but not 3 rules?
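
Docker re-creates a DNAT rule for every entry under `ports:` each time the containers start, which is why rules deleted by hand come back. The following is an added example (not part of the original post) of the same compose file with only port 80 published; it assumes nginx proxies to `web:8080` and that nothing outside the compose network needs direct access to the app or the database.

```yaml
version: '3'
services:
  nginx:
    container_name: "nginx"
    build:
      context: "."
      dockerfile: "docker/nginx/Dockerfile"
    ports:
      - "80:80"            # the only published port, so the only DNAT rule Docker adds
    depends_on:
      - web
  web:
    container_name: "web"
    build:
      context: "."
      dockerfile: "docker/web/Dockerfile"
    environment:
      - NODE_PORT=8080
      - NODE_ENV=development
      - POSTGRES_HOST=postgres
      - POSTGRES_PORT=5432
    depends_on:
      - postgres
    command: ["bash", "/home/wait-for-it.sh", "postgres:5432", "--", "npm", "start"]
    # Posted file had "ports: - 8080:8080", which publishes 8080 on all host interfaces.
    # "expose" only documents the port; nginx reaches web:8080 over the compose network.
    expose:
      - "8080"
    volumes:
      - ./src:/home/web/src
  postgres:
    container_name: "postgres_analytic"
    image: "postgres:9.6-alpine"
    environment:
      - POSTGRES_USER=analytic
      - POSTGRES_PASSWORD=analytic
      - POSTGRES_DB=analytic
    # Posted file had "ports: - 5432:5432". The web service connects to postgres:5432
    # by service name, so no host port is needed. If a client on the host itself needs
    # the database, publish on loopback only with: ports: ["127.0.0.1:5432:5432"]
    expose:
      - "5432"
    volumes:
      - ./docker/postgres/data:/var/lib/postgresql/data
```

After restarting the service, `iptables -t nat -L DOCKER -n` should list a single DNAT entry, for port 80.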