Restrict all ports, except 443 and 80 (allow all from my ip)

nick50 · September 2, 2019, 8:50am

Hello, I have this question.
My goal is to restrict all ports except from my ip address, ports 443 and 80 make public for all.
I found this useful link in documentation, but that blocks all ports:

Then I found more, but they didn’t work at all:

gist.github.com

https://gist.github.com/tehmoon/b1c3ae5e9a67d66186361d4728bed799#file-iptables-reload-sh

iptables-reload.sh

#!/bin/sh
set -e

## SEE https://medium.com/@ebuschini/iptables-and-docker-95e2496f0b45

## You need to add rules in DOCKER-BLOCK AND INPUT for traffic that does not go to a container.
## You only need to add one rule if the traffic goes to the container

CWD=$(cd "$(dirname "${0}")"; pwd -P)
FILE="${CWD}/$(basename "${0}")"

This file has been truncated. show original

I think I’m very close, but still can’t make it work.
It either blocks everything or nothing.

Thanks for any help.

nick50 · September 13, 2019, 7:40am

So i have been debugging, and I found some new information:

It was working, I could reach ports 80, 443 form anywhere and other ports where accessible only via my ip.
But there is another problem.
This “tweak” blocked all outgoing traffic from containers to outer world, which I need, because my containers are downloading styles and fonts from google.

I found this, which sadly didn’t help: Configuring iptables to let Docker containers access out.

Thanks for any help.