Lock down network access to internet only

Hi all,

I’m currently trying to isolate a (third-party) Docker container so that it ONLY has access to the internet.

I.e., it should NOT be able to:

  • access/discover other docker containers
  • access/discover the host machine
  • access/discover other machines on the host’s network (other than the gateway)

It should ONLY be able to access the internet (gateway).

Is there a way to do this using only docker network configuration options?

I was thinking I could run a custom gateway container, which locks down access, but wanted to avoid that if there was a native (-> configuration) solution.

Notes:

  • I cannot modify the Docker container, e.g. add iptables into the container itself.