Docker-ce oppening Firewalld ports on rocky 8

Techmago

9/11/23, 10:32 PM

Docker-cd, when run with -p 3010:3010 bypass the firewall and open the container port to the world... If i disable docker and run a python -m http.server, the port is blocked to the outside (as it should, the default rule is drop) but after the docker run, docker opens it. This prevents me from running a database or a redis with docker, without these services beeing expoded to the world.

I tried: --iptables=false, but got: unknown flag: --iptables

(as sugestes in a similar question: firewalld not blocking docker container ports)

Anyone knows how to prevent docker from oppening holes in my firewall?

0 + 0

redhat

firewalld

docker

rocky-linux

Score:1

Server

larsks

9/12/23, 1:36 AM

If you don't want to expose a containerized service to the world, just bind it to the loopback address:

docker run -p 127.0.0.1:3010:3010 ...

Now -- regardless of your firewall settings -- this service will only be accessible locally.

0 + 0

Techmago

9/19/23, 7:24 PM

i didnt even know that syntax was valid! Thx!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Docker-ce oppening Firewalld ports on rocky 8

TH: Docker-ce oppening Firewalld ports on rocky 8

RO: Docker-ce oppening Firewalld ports on rocky 8

RU: Docker-ce oppening Firewalld ports on rocky 8

VI: Docker-ce oppening Firewalld ports on rocky 8

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.