Score:0

Block port 22 on specific Docker container

fr flag

I have multiple Docker containers on a Centos 7 host and all their network interfaces are added to the Docker firewalld zone.

I only want to block one of the containers from accepting traffic on port 22, not all the containers.

I added:

```
iptables -I DOCKER-USER -p tcp -i br-a4faf253d1ff ! -s 10.2.0.4 --dport 22 -j REJECT
```

but it did not make a difference. How do I block ports on specific interfaces for Docker containers?

cn flag
Can't you just not map the port when you run the container? The `-I` in your command means 'insert', and IPTables is order-dependent, so it might just be the rule is in the wrong place.
Danie de Jager avatar
fr flag
When I ran this I did not even see the rule added when I run `iptables -S`.
cn flag
Sorry, when you ran what? The command in your question? How do you run the actual container?
Score:0
fr flag

The problem was someone added a port-forward rule under the firewalld zone for docker that took all port 22 traffic and redirected it to the docker container. Removing this forward fixed my issue.
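A quick way to check for the situation described in this answer, as an added example that is not part of the original answer: the helper below scans the output of `firewall-cmd --zone=docker --list-forward-ports` for forward-port entries that redirect a given port (22 here) and prints the `firewall-cmd` commands that would remove them. The forward list is a constructed sample so the script runs offline; on a real host, substitute the live command output.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=docker --list-forward-ports` output.
# On a real host: SAMPLE_FORWARDS=$(firewall-cmd --zone=docker --list-forward-ports)
SAMPLE_FORWARDS='port=22:proto=tcp:toport=22:toaddr=10.2.0.4
port=8080:proto=tcp:toport=80:toaddr=10.2.0.5'

# Print every forward-port entry (one per line) whose source port is $1/tcp.
# $1 = port to look for, $2 = newline-separated forward list.
# Returns success even when nothing matches, so it is safe under `set -e`.
find_forwards_for_port() {
    printf '%s\n' "$2" | grep -E "^port=$1:proto=tcp:" || true
}

# Emit, without executing, the commands that drop each matching entry from
# the docker zone. --permanent edits the saved config; --reload applies it.
removal_commands() {
    find_forwards_for_port "$1" "$2" | while IFS= read -r entry; do
        printf 'firewall-cmd --permanent --zone=docker --remove-forward-port=%s\n' "$entry"
    done
    printf 'firewall-cmd --reload\n'
}

# Usage: show what is redirecting port 22 and how to undo it.
if [ -z "$SOURCED_FOR_TEST" ]; then
    echo "forward-port entries redirecting 22/tcp:"
    find_forwards_for_port 22 "$SAMPLE_FORWARDS"
    echo "commands to remove them:"
    removal_commands 22 "$SAMPLE_FORWARDS"
fi
```

Review the printed commands before running them; a forward-port entry may have been added on purpose for a different container.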
