Hardened iptables config for use with Docker

jonostilla · June 27, 2016, 11:29pm

Hey guys,

It seems from both my attempts at using docker in production and now the docker official documentation under the UFW section, it says you default needs to be permissive not drop.

The question, what is a good base firewall config for a dynamic docker environment? I want docker to do it’s thing - I don’t even use --iptables=false and it still doesn’t work (in some circumstances) because of a default drop policy - and I guess docker doesn’t add enough rules to make it happen. If you doubt I’ll give you more details but I’d just be interested to see a default permissive but with other good restrictions for a docker controlled web server. It’s easy to miss things after all.

Topic		Replies	Views
Iptables with DEFAULT DROP/DENY policies and access to containers General	0	582	January 3, 2024
Firewall container General	1	1498	December 3, 2015
Docker and Firewalld configuration to drop access to local networks General	0	421	April 20, 2023
Docker changing default forward policy in iptables General	0	1320	July 2, 2018
Firewalld on the host with docker service General docker	0	955	January 11, 2019

Hardened iptables config for use with Docker

Related topics