Hi, when I do “docker run -p NNNN:MMMM …”, by default port NNNN on my Mac is accessible to the outside world (e.g. if the Docker container is running some web server, it is accessible to a different machine on my network and potentially any machine on the internet).
I work in an environment where a security port scanner is constantly scanning machines on our corporate network looking for open HTTP server ports. It makes nasty threats to my well-being when it finds one on my machine. I’d like open Docker container ports to be only accessible to the host (my Mac laptop) and not accessible to the outside world.
I can prevent outside connections by going to my Mac’s System Preferences/Security/Firewall and setting “com.docker.slirp” to “Block incoming connections”.
Is that the preferred way to accomplish blocking outside connections, or is there a better way? e.g. can I set a flag in the container itself to only allow connections from the host?
I’m using docker mac beta Version 1.11.1-beta14 (build: 8670)
Thanks! – Adam
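
An added example, not part of the original post: Docker's `-p` flag accepts an optional host address (`-p 127.0.0.1:NNNN:MMMM`), which publishes the port on loopback only. The Python sketch below audits `docker ps` port listings for bindings that are not loopback-only; the sample output and container names are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE_DOCKER_PS = (
    "web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "cache\t6379/tcp\n"
    "api\t192.168.1.20:9000-9001->9000-9001/tcp\n"
)

# host-address:host-port(s)->container-port(s)/protocol
BINDING = re.compile(
    r"^(?P<addr>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def classify(addr):
    """Classify the host address a published port is bound to."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "host-only"        # e.g. -p 127.0.0.1:NNNN:MMMM
    if ip.is_unspecified:
        return "all-interfaces"   # default for -p NNNN:MMMM
    return "single-interface"     # bound to one specific non-loopback address


def audit(ps_output):
    """Return (container, host_addr, host_port, kind) for non-loopback bindings."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = BINDING.match(entry)
            if m is None:
                continue  # port is exposed by the image but not published
            kind = classify(m["addr"])
            if kind != "host-only":
                findings.append((name, m["addr"], m["hport"], kind))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DOCKER_PS):
        print(*finding, sep="\t")
```
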