Hello, I recently installed an instance of Kasm Workspace on my Ubuntu server and created an account for a friend. However, the containers on the Kasm network can access the other containers, the host, the Internet and the LAN machines on my network, which I don’t want.
How can I severely restrict what containers can do in this network? I’d like them to be able to do only the following things:
- Access the Internet
- Not access the host hosting my containers (192.168.1.200) except by DNS on UDP port 53.
- No access to any LAN machine (192.168.1.0/24)
I don’t have the means or infrastructure to set up a firewall with a DMZ… I’ve already done some research on iptables but haven’t found anything convincing.
Thanks for the help!
My configuration:
Docker release: Docker version 27.1.1, build 6312585
My current OS:
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
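
One way to express the three requirements above as iptables rules, as an added example that is not part of the original post. The bridge subnet 172.18.0.0/16 is an assumed placeholder (read the real one with `docker network inspect`); the host and LAN addresses are the ones given in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the rules by default;
# run with APPLY=1 as root to load them.
KASM_SUBNET="${KASM_SUBNET:-172.18.0.0/16}"  # ASSUMPTION: placeholder subnet of the Kasm bridge
HOST_IP="${HOST_IP:-192.168.1.200}"          # Docker host, from the post
LAN_NET="${LAN_NET:-192.168.1.0/24}"         # LAN, from the post

kasm_rules() {
    # Forwarded traffic (container -> other machines). DOCKER-USER is evaluated
    # before Docker's own FORWARD rules; -I with an explicit position keeps the
    # order below and stays ahead of any RETURN rule already in the chain.
    # 1. Replies to connections opened from outside (for example a LAN browser
    #    reaching a published port) must still be allowed back out.
    echo "iptables -I DOCKER-USER 1 -s $KASM_SUBNET -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # 2. New connections from the containers to the LAN are dropped.
    echo "iptables -I DOCKER-USER 2 -s $KASM_SUBNET -d $LAN_NET -j DROP"
    # Everything else (the Internet) falls through to Docker's normal rules.

    # Traffic addressed to the host itself goes through INPUT, not FORWARD.
    # 1. Replies to connections the host opened towards a container.
    echo "iptables -I INPUT 1 -s $KASM_SUBNET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. DNS over UDP 53 on the host address is the only new traffic allowed.
    echo "iptables -I INPUT 2 -s $KASM_SUBNET -d $HOST_IP -p udp --dport 53 -j ACCEPT"
    # 3. No -d here: the host is also reachable on the bridge gateway address.
    echo "iptables -I INPUT 3 -s $KASM_SUBNET -j DROP"
}

if [ "${APPLY:-0}" = "1" ]; then
    kasm_rules | sh -e      # load the rules (needs root)
else
    kasm_rules              # dry run: only show what would be loaded
fi
```

These rules do not restrict container-to-container traffic on the same bridge, and they are lost at reboot unless saved (for example with the iptables-persistent package).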