How to configure firewall for production docker host?

To use the public registry a docker pull creates multiple connections to different IPs (e.g. 162.242.195.84:443, 54.230..:443). What are the best practices regarding securing the docker host?

This discussion is somewhat related to this post but currently without the need for setting up a private registry.

Mmmm, I listed the hub builders (just above How to configure firewall for production docker host?), but you’re right - @kencochrane?

So, what about this topic?
Have things changed since 2015? There are a bunch of open subjects about this issue.

We are not all happy developers with good buddies in the sec-team allowing full internet access through their firewall. Several big companies do have severely restricted firewalls for GOOD reasons, and we cannot use docker easily without any solution for this.

Of course, I’ve started to send access requests to .docker.com and .docker.io domains, but obviously it’s not enough…

Thanks for listening.