Docker Community Forums

Docker UFW container access on private interface

I’m running Docker and I control my firewall using ufw.

What I want to achieve is to permit inbound access to my container, but to not permit the container to have outbound access to either the Internet or any other container.

I start my Docker daemon with "iptables": false.

I have ufw configured with DEFAULT_FORWARD_POLICY="ACCEPT" and Anywhere ALLOW IN 192.168.1.0/24 with the intention of allowing access from my local subnet.

I start a container to test with docker run -d -p 1234:80 nginx:alpine. However, if I try to access nginx on port 1234, the connection times out for both 127.0.0.1:1234 and the local IP address of 192.168.1.10:1234. I can, however, access nginx via the docker0 interface of 172.17.0.2:80.

Can someone help me with what iptables (I assume) command I need to run to permit access to the container on both 127.0.0.1 and the private interface 192.168.1.10 over port 1234?