engine: 18.06.1~ce~3-0~ubuntu
os: DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"
I've read I can add rules to the DOCKER-USER chain in iptables to firewall services from the outside world.
I run these lines directly in a shell on the host:
iptables -A DOCKER-USER -i enp0s31f6 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A DOCKER-USER -i enp0s31f6 -p tcp --sport 2222 --src X.X.X.X -m tcp --dport 2222 -j ACCEPT
where X.X.X.X is my IP address at the office that needs to reach the host / containers.
After running these iptables rules, I'm still able to reach sshd running on the swarm.
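
An added check, not part of the original post: the function below reads `iptables -S DOCKER-USER` output and flags rules that sit after an unconditional verdict, and a chain with no reachable DROP/REJECT. Both samples are constructed; the first assumes the chain held Docker's default `-j RETURN` rule before the four `-A` commands ran, and 192.0.2.10 stands in for X.X.X.X.

```shell
#!/bin/sh
# audit_docker_user: read `iptables -S DOCKER-USER` output on stdin and print
# one finding per line, or "OK" when the chain can actually deny traffic.
audit_docker_user() {
    awk '
    $1 != "-A" || $2 != "DOCKER-USER" { next }   # only rules of this chain
    {
        target = ""; cond = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); i++ }
            else cond = 1                        # any match option present
        }
        if (done) { dead++; next }               # rule sits after an unconditional verdict
        if (target == "DROP" || target == "REJECT") deny = 1
        if (!cond && target != "") { done = 1; final = target }
    }
    END {
        if (dead)  printf "UNREACHABLE: %d rule(s) follow an unconditional %s\n", dead, final
        if (!deny) print "NO-DENY: no reachable DROP/REJECT rule, packets fall through to the Docker chains"
        if (!dead && deny) print "OK"
    }'
}

# Constructed sample: the chain after the four -A commands from the post.
sample_after_append() { cat <<'EOF'
-N DOCKER-USER
-A DOCKER-USER -j RETURN
-A DOCKER-USER -i enp0s31f6 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER-USER -s 192.0.2.10/32 -i enp0s31f6 -p tcp -m tcp --sport 2222 --dport 2222 -j ACCEPT
EOF
}

# Constructed sample: same ACCEPT rules ahead of RETURN, closed by a DROP on the interface.
sample_restrictive() { cat <<'EOF'
-N DOCKER-USER
-A DOCKER-USER -i enp0s31f6 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -i enp0s31f6 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER-USER -s 192.0.2.10/32 -i enp0s31f6 -p tcp -m tcp --sport 2222 --dport 2222 -j ACCEPT
-A DOCKER-USER -i enp0s31f6 -j DROP
-A DOCKER-USER -j RETURN
EOF
}

sample_after_append | audit_docker_user
sample_restrictive | audit_docker_user
```

On a live host the same function can be fed with `iptables -S DOCKER-USER | audit_docker_user` (run as root).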