I created 2 containers on Docker. These containers of mine are in the same network. I want to restrict these containers from accessing my local network. For example, container 1 can access my entire network, but container 2 can't reach anywhere; only I can access it. I can't do this from my central firewall because the source address of all containers is my Docker host's IP address. I tried doing this with iptables. I added the following rule for container 1:
iptables -I DOCKER-USER -s 172.17.0.2 -j ACCEPT
and I added the following rule for container 2:
iptables -I DOCKER-USER -s 172.17.0.4 -j DROP
When I do this, container 1 can access my network, container 2 cannot access my network. This is what I want. But as such, container 2 cannot respond to my TCP requests, so I cannot reach it.
Is there a solution to this?
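The reason the second rule also blocks inbound access is that a published port is DNATed to the container, and the container's reply packets are then forwarded back through FORWARD and DOCKER-USER with source 172.17.0.4, where the plain DROP discards them. The usual fix is to accept packets that belong to an already tracked connection and drop only NEW connections that container 2 itself opens. The script below is an added example, not code from the original post; it assumes the same addresses as the question (172.17.0.2 for container 1, 172.17.0.4 for container 2) and that the rules are applied as root on the Docker host.

```shell
#!/bin/sh
# Added example for the question above; not code from the original post.
# Assumes the same addresses as the question: 172.17.0.2 (container 1) and
# 172.17.0.4 (container 2) on the default docker0 bridge.
#
# Why the plain DROP broke inbound access: a published port is DNATed to
# 172.17.0.4, and the container's reply packets are forwarded back through
# FORWARD -> DOCKER-USER with source 172.17.0.4, where "-s 172.17.0.4 -j DROP"
# discards them. Accepting tracked (ESTABLISHED,RELATED) packets and dropping
# only NEW connections keeps container 2 reachable while it cannot dial out.

C1=172.17.0.2
C2=172.17.0.4
IPT="${IPT:-iptables}"   # set IPT="echo iptables" for a dry run

# Print the DOCKER-USER rules, one per line, in the order they must hold.
# Explicit positions (-I DOCKER-USER 1/2/3) keep them ahead of the RETURN
# rule Docker installs at the end of the chain; appending (-A) would land
# after that RETURN and never match.
docker_user_rules() {
    printf '%s\n' \
        "-I DOCKER-USER 1 -s $C1 -j ACCEPT" \
        "-I DOCKER-USER 2 -s $C2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-I DOCKER-USER 3 -s $C2 -m conntrack --ctstate NEW -j DROP"
}

# Return 0 when the conntrack ACCEPT rule precedes the DROP rule, otherwise 1.
# A DROP that comes first would silently swallow the replies again.
rules_ordered_ok() {
    accept_pos=$(docker_user_rules | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    drop_pos=$(docker_user_rules | grep -n 'j DROP' | cut -d: -f1)
    [ -n "$accept_pos" ] && [ -n "$drop_pos" ] && [ "$accept_pos" -lt "$drop_pos" ]
}

# Apply the rules (needs root). Flushing DOCKER-USER first removes earlier
# attempts such as the two -I rules from the question; Docker's trailing
# RETURN is re-added so unmatched traffic continues to the DOCKER chain.
apply_rules() {
    rules_ordered_ok || return 1
    $IPT -F DOCKER-USER
    $IPT -A DOCKER-USER -j RETURN
    docker_user_rules | while read -r rule; do
        # shellcheck disable=SC2086  (word splitting of $rule is intended)
        $IPT $rule
    done
}

if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Run it as `sh restrict.sh apply` on the host; `IPT="echo iptables" sh restrict.sh apply` prints the commands without changing anything. Two caveats: the flush removes any other rules you keep in DOCKER-USER, so merge them into `docker_user_rules` if you have some, and because Docker enables `bridge-nf-call-iptables`, traffic between containers on the same bridge also passes through DOCKER-USER, so the NEW/DROP rule will stop container 2 from opening connections to container 1 as well; add an earlier ACCEPT for `-s 172.17.0.4 -d 172.17.0.0/16` if that inter-container traffic is wanted. Afterwards, `iptables -L DOCKER-USER -n -v --line-numbers` shows the counters on each rule, which is the quickest way to confirm that replies now hit the conntrack ACCEPT and only fresh outbound attempts hit the DROP.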