Score:0

Block port on Docker containers using iptables


I have a service running on port 3007 in Docker, it's set up like this:

services:
    api:
        ports:
        - 3007:80

I tried adding a rule to the DOCKER-USER chain to block nonlocal traffic on that port:

iptables -I DOCKER-USER -p tcp --dport 3007 ! -s 127.0.0.1 -j DROP

However, this didn't work. Looking at the rules on the DOCKER chain it seems like the forwarded ports are the ones on the inside of the container (80 and not 3007), so I'm not sure how to go about managing access to them.

adrian: One workaround is to configure the app to run on port 3007 within the container so that the rule matches traffic to it, but I'll leave the question up since I can't do this for all my services.

Michael Hampton: If you don't want the port to accept outside traffic, why did you expose it?

adrian: @MichaelHampton I need to reverse proxy some of the exposed ports, others are communicated with by applications that aren't in containers.
Score:2

Bind the exposed port to the loopback interface.

services:
    api:
        ports:
        - "127.0.0.1:3007:80"
mangohost
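An added check, not part of the question or the answer above: a small shell function that reads the output of `docker port <container>` (assumed format `80/tcp -> 0.0.0.0:3007`, one binding per line) and prints every published binding that is not on a loopback address, so you can confirm after redeploying that the `127.0.0.1:3007:80` mapping really removed the LAN-reachable binding. The sample inputs are constructed to mirror the before and after mappings from this page.

```shell
#!/bin/sh
# Added verification helper (not from the original question or answer).
# Assumed input format: lines as printed by `docker port <container>`, e.g.
#   80/tcp -> 0.0.0.0:3007
# Anything not bound to 127.0.0.1 or [::1] is reachable from outside the host.

nonloopback_bindings() {
    # Reads docker-port lines on stdin; prints only the externally reachable ones.
    while IFS= read -r line; do
        case "$line" in
            *' -> 127.0.0.1:'*|*' -> [::1]:'*) ;;   # loopback-only: nothing to report
            *' -> '*) printf '%s\n' "$line" ;;      # bound on another address: report it
        esac
    done
}

# Constructed sample: how Docker reports the question's "3007:80" mapping
# (an all-interfaces bind, which may also produce an IPv6 wildcard line).
BEFORE='80/tcp -> 0.0.0.0:3007
80/tcp -> [::]:3007'

# Constructed sample: the answer's "127.0.0.1:3007:80" mapping.
AFTER='80/tcp -> 127.0.0.1:3007'

# Demo on the constructed samples: the first call prints both wildcard lines,
# the second prints nothing.
printf '%s\n' "$BEFORE" | nonloopback_bindings
printf '%s\n' "$AFTER"  | nonloopback_bindings

# On a live host: docker port api | nonloopback_bindings
```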
