Docker Community Forums

Limit egress from swarm containers to port 80/443 or deny certain ports

Is it possible to limit egress from swarm containers to only certain ports, or to deny certain ports? I’d like to just allow containers to access 80 and 443. If I alter iptables to drop a certain port for OUTPUT on the swarm manager and worker, the container is still able to access those ports.

I found the reference for DOCKER-USER in iptables and this works:

sudo /sbin/iptables -I DOCKER-USER -p tcp -m multiport --dport 80,443,53 -j ACCEPT
sudo /sbin/iptables -I DOCKER-USER 2 -p udp -m multiport --dport 80,443,53 -j ACCEPT
sudo /sbin/iptables -I DOCKER-USER 3 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo /sbin/iptables -I DOCKER-USER 4 -j DROP
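As an added example (not the poster's code), the same allowlist rebuilt so it can be re-run without piling up duplicate rules, with a note on why the bare DROP also affects inbound published ports. The bridge interface name and the LOG rule are assumptions, not part of the original post.

```shell
#!/bin/sh
# Added example, not the poster's code: an idempotent version of the
# DOCKER-USER allowlist from the post (TCP/UDP 80,443,53 out, the rest
# dropped). DOCKER-USER hangs off FORWARD, so it sees traffic to and from
# containers in both directions; an unconditional DROP at the end also
# blocks NEW inbound connections to published ports. The first rule below
# therefore RETURNs anything not arriving from the container-side bridge.
# BRIDGE_IF is an assumption: docker_gwbridge is what swarm tasks use for
# outbound traffic on each node; standalone containers use docker0.
BRIDGE_IF="${BRIDGE_IF:-docker_gwbridge}"
TCP_PORTS="80,443,53"
UDP_PORTS="80,443,53"

# Emit the rules in chain order, one per line, as iptables arguments.
gen_rules() {
  cat <<EOF
-A DOCKER-USER ! -i $BRIDGE_IF -j RETURN
-A DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A DOCKER-USER -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT
-A DOCKER-USER -p udp -m multiport --dports $UDP_PORTS -j ACCEPT
-A DOCKER-USER -m limit --limit 5/min -j LOG --log-prefix DOCKER-USER-DROP:
-A DOCKER-USER -j DROP
EOF
}

# Flush DOCKER-USER and reload it from gen_rules, so re-running never
# accumulates duplicates the way repeated -I inserts do.
apply_rules() {
  iptables -F DOCKER-USER
  gen_rules | while read -r rule; do
    # shellcheck disable=SC2086  # word splitting is intended here
    iptables $rule
  done
}

# Sanity check: DROP must be the final rule and the ESTABLISHED,RELATED
# accept must precede it, or return traffic dies at the DROP.
check_order() {
  last=$(gen_rules | tail -n 1)
  [ "$last" = "-A DOCKER-USER -j DROP" ] || return 1
  gen_rules | grep -q 'ESTABLISHED,RELATED' || return 1
}

# Only touch the live firewall when explicitly asked (needs root).
if [ "${APPLY_RULES:-0}" = 1 ]; then apply_rules; fi
```

Run with `APPLY_RULES=1` as root to install the rules; without it the script only generates and checks them.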