
How to block access to a docker container port from the outer internet, by iptables? (ubuntu 18)

I have a remote server with docker containers in it; I can access a docker container with $MY_SERVER_IP:$docker_container_port. How to disable access to this container from the internet and only allow local calls from within this server?

Here is the iptables -L -n output:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  !142.93.231.42       0.0.0.0/0            tcp dpt:4467 reject-with icmp-port-unreachable
REJECT     tcp  --  !127.0.0.1           0.0.0.0/0            tcp dpt:4467 reject-with icmp-port-unreachable
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3000

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467

Chain DOCKER (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            172.18.0.3           tcp dpt:4466
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       all  --  0.0.0.0/0            0.0.0.0/0
```

1 Answer

```
# Remove Docker's default unconditional RETURN at the top of DOCKER-USER;
# while it is there every packet leaves the chain before reaching any DROP below it.
iptables -D DOCKER-USER -j RETURN
# Append a catch-all DROP at the end of the chain.
iptables -A DOCKER-USER -j DROP
# Insert (at the top, above the DROPs) RETURN rules for the sources that may
# still reach published container ports: the private ranges and your own address.
iptables -I DOCKER-USER -s 10.0.0.0/8 -j RETURN
iptables -I DOCKER-USER -s 172.16.0.0/12 -j RETURN
iptables -I DOCKER-USER -s 192.168.0.0/16 -j RETURN
iptables -I DOCKER-USER -s xxx.xxx.xxx.xxx -j RETURN
```
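To see why the DROP rules the question already had in DOCKER-USER never fired, and what the answer's reordering changes, here is an added example (not code from the question or the answer) that walks a packet through the chain the way iptables does, first match wins. It assumes 203.0.113.10 as a stand-in for the answer's xxx.xxx.xxx.xxx and simulates only the DOCKER-USER chain, not the rest of FORWARD.

```python
import ipaddress
# Constructed sample (not from the page): DOCKER-USER as the question shows it (BEFORE)
# and as the answer's commands leave it (AFTER); 203.0.113.10 stands in for xxx.xxx.xxx.xxx.
BEFORE = """\
Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""
AFTER = """\
Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  203.0.113.10         0.0.0.0/0
RETURN     all  --  192.168.0.0/16       0.0.0.0/0
RETURN     all  --  172.16.0.0/12        0.0.0.0/0
RETURN     all  --  10.0.0.0/8           0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4467
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

def parse_chain(text):
    """Turn the `iptables -L -n` listing of one chain into ordered rule dicts."""
    rules = []
    for line in text.splitlines()[2:]:          # skip "Chain ..." and the header
        f = line.split()
        if len(f) < 5:
            continue
        target, prot, _opt, src, _dst = f[:5]
        dport = next((int(t[4:]) for t in f[5:] if t.startswith("dpt:")), None)
        rules.append({"target": target, "prot": prot, "dport": dport,
                      "src_neg": src.startswith("!"),   # "!1.2.3.4" means NOT source
                      "src": ipaddress.ip_network(src.lstrip("!"), strict=False)})
    return rules

def verdict(rules, src_ip, dport, proto="tcp"):
    """First-match walk; falling off the end of a user chain RETURNs to FORWARD."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["prot"] not in ("all", proto):
            continue
        if (ip in r["src"]) == r["src_neg"]:   # source test failed (or negated hit)
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return "RETURN"
```

With the original chain the leading unconditional RETURN hands every packet back to FORWARD before any DROP is reached, which is why adding DROP rules below it changed nothing; after the fix only the listed source ranges RETURN and every other source is dropped.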