Your proven iptables rules for Docker

  • Hi JohnStiles,
    I don't use iptables as a home user. Are you using this in an office environment?


    iptables at home, even g / ufw ... as long as there is an active firewall.


    Generally, I am curious about the network policy that users use with Docker containers. Any firewall along with any traffic rules. Docker likes to add its own iptables NAT, FORWARD and DOCKER-USER chain rules if there is no "--iptables=false" variable in the daemon. At the same time, it ignores the usual INPUT and OUTPUT rules.
    In a standard configuration this can be dangerous for an inexperienced user in the long run ... maybe.


    Some time ago I heard something about the theoretical way to jump out of a container. I also saw one container with a database standing with ports open to the public.


    So I'm curious how many people put their containers unattended out into the world if they are not hidden behind a separate NAT / firewall network.
    Personally, I do not like such situations, hence the interest in good practices when it comes to the firewall traffic policy for Docker.
    Perhaps someone has some interesting practices and experiences with firewall / docker. I will always be happy to learn something new.
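
An added example, not part of the original post and not Docker's own code: a coarse audit of `iptables-save` output that lists ports Docker has published on all addresses while the DOCKER-USER chain holds no DROP/REJECT rule, which is the situation described above where a restrictive INPUT policy does not cover published container ports. The sample ruleset is constructed, and treating any DROP/REJECT rule in DOCKER-USER as "filtered" is a simplifying assumption.

```python
import shlex

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE = """\
*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.2:5432
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, tokens) for every '-A' line of iptables-save output."""
    table = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            _, chain, *rest = shlex.split(line)
            yield table, chain, rest

def opt(tokens, flag):
    """Return the value following flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(text):
    """Return published ports not bound to loopback while DOCKER-USER has no DROP/REJECT."""
    rules = list(parse_rules(text))
    filtered = any(t == "filter" and c == "DOCKER-USER" and opt(r, "-j") in ("DROP", "REJECT")
                   for t, c, r in rules)
    findings = []
    for t, c, r in rules:
        if t == "nat" and c == "DOCKER" and opt(r, "-j") == "DNAT":
            bind = opt(r, "-d") or "0.0.0.0/0"  # no -d match: published on every address
            if not bind.startswith("127.") and not filtered:
                findings.append((opt(r, "-p"), int(opt(r, "--dport")), opt(r, "--to-destination")))
    return findings

if __name__ == "__main__":
    for proto, port, dest in audit(SAMPLE):
        print(f"{proto}/{port} -> {dest}: published on all addresses, INPUT DROP does not apply")
```

On a real host the input would be the output of `iptables-save` run as root; a finding means the port is forwarded before the INPUT chain is ever consulted.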
