I have two containers, and I wish to block one of them from accessing 169.254.* while allowing the other to access it. Both need to access “the internet”. They do not need to communicate directly with each other.

The reason for this is that one of these containers is meant to be like a sandbox, executing untrusted code, and I don’t want that code to be able to access AWS instance metadata on 169.254.169.254. It’s ok for that container to connect to practically any other IP in the world except that one, although I prefer to block the entire subnet to be safer.

I can think of two possible approaches:

(1) Build a custom node image for the untrusted container that includes an iptables rule dropping packages to 169.254.169.254. In theory a sophisticated attacker could potentially gain root-level access within the untrusted container and override this, but hopefully that’s not possible in practice

(2) Use an iptables rule on the host, somehow able to specify the IP address range of the untrusted container while not blocking the trusted ones. Could I do this if I explicitly define my bridge networks instead of putting them both in the default docker bridge network?