I’ve successfully blocked the Docker ingress network by rejecting all incoming packets to DOCKER-INGRESS using iptables -I DOCKER-INGRESS -i eth0 ! -s 127.0.0.1 -j REJECT (replace eth0 with your interface)
--iptables=false has no effect when net.ipv4.conf.all.forwarding=1
Pretty surprising how few people are using iptables with Docker… Just realized ufw is not working to deny what I set it up to deny 0_0
I’ve started using the iptables rules described here:
And when I run “ufw default deny” and then run nmap domain.com externally, I can see lots of ports are still “open.” So how does the Docker community recommend this be done?
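An added audit script (example code written for this page, not posted by anyone in the thread) that checks the two things discussed above against an `iptables -S` dump: whether the REJECT rule inserted into DOCKER-INGRESS actually sits ahead of Docker's ACCEPT rules (it does with `-I`, which inserts at position 1, but not with `-A`, which appends after them), and whether FORWARD hands packets to Docker's chains before ufw's chains, which is why `ufw default deny` leaves published ports showing as open to nmap. The dumps are constructed samples of what such a host typically looks like, not captured output; chain names follow the DOCKER-INGRESS, DOCKER-USER and ufw-* names Docker and ufw create.

```python
"""Audit an `iptables -S` dump for:
(1) a REJECT/DROP in DOCKER-INGRESS that precedes any ACCEPT, and
(2) FORWARD jumping to Docker's chains before ufw's chains.
All dumps below are constructed for this example, not captured."""

from typing import List, Tuple

# Constructed: FORWARD and DOCKER-INGRESS with Docker's default rules plus ufw,
# before the REJECT rule from the thread is inserted.
BEFORE = """\
-P FORWARD DROP
-N DOCKER-INGRESS
-N DOCKER-USER
-N ufw-before-forward
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-INGRESS
-A FORWARD -j ufw-before-forward
-A DOCKER-INGRESS -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER-INGRESS -p tcp -m tcp --sport 8080 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-INGRESS -j RETURN
-A DOCKER-USER -j RETURN
"""

REJECT_RULE = ("-A DOCKER-INGRESS -i eth0 ! -s 127.0.0.1/32 "
               "-j REJECT --reject-with icmp-port-unreachable")

# Constructed: same host after
#   iptables -I DOCKER-INGRESS -i eth0 ! -s 127.0.0.1 -j REJECT
# (-I puts the rule at position 1, above Docker's ACCEPTs).
AFTER = BEFORE.replace(
    "-A DOCKER-INGRESS -p tcp -m tcp --dport 8080 -j ACCEPT",
    REJECT_RULE + "\n-A DOCKER-INGRESS -p tcp -m tcp --dport 8080 -j ACCEPT",
)

# Constructed: the same rule added with -A instead of -I, so it lands
# after Docker's ACCEPTs and never sees a packet for a published port.
APPENDED = BEFORE.replace(
    "-A DOCKER-INGRESS -j RETURN",
    REJECT_RULE + "\n-A DOCKER-INGRESS -j RETURN",
)


def parse_rules(dump: str) -> List[Tuple[str, List[str], str]]:
    """Return (chain, match_tokens, target) for every -A line in the dump."""
    rules = []
    for line in dump.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "-A":
            continue  # -P policy and -N chain declarations carry no target
        target = tok[tok.index("-j") + 1] if "-j" in tok else ""
        rules.append((tok[1], tok[2:], target))
    return rules


def chain_targets(dump: str, chain: str) -> List[str]:
    """Targets of the rules in `chain`, in evaluation order."""
    return [t for c, _, t in parse_rules(dump) if c == chain]


def ingress_rejects_before_accept(dump: str, chain: str = "DOCKER-INGRESS") -> bool:
    """True if a REJECT or DROP is hit before the first ACCEPT in the chain.
    An ACCEPT first means the published port is still reachable."""
    for target in chain_targets(dump, chain):
        if target in ("REJECT", "DROP"):
            return True
        if target == "ACCEPT":
            return False
    return False


def docker_precedes_ufw(dump: str) -> bool:
    """True if FORWARD jumps to a DOCKER* chain before any ufw-* chain.
    A packet ACCEPTed inside a Docker chain never reaches ufw's deny rules."""
    for target in chain_targets(dump, "FORWARD"):
        if target.startswith("ufw-"):
            return False
        if target.startswith("DOCKER"):
            return True
    return False


if __name__ == "__main__":
    for name, dump in (("before", BEFORE), ("after -I", AFTER), ("after -A", APPENDED)):
        print(f"{name:9s} ingress blocked: {ingress_rejects_before_accept(dump)}"
              f"  docker before ufw: {docker_precedes_ufw(dump)}")
```

On a live host, feed it the real dump with `iptables -S | python3 audit.py` after replacing the constructed constants with `sys.stdin.read()`; the ordering check is the part worth keeping, since a rule that is present but appended below Docker's ACCEPTs looks fine in `iptables -L` and still leaves the port open.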