• PlexSheep@feddit.de
    link
    fedilink
    arrow-up
    0
    ·
    9 months ago

    What is a good firewall that can also block ports published with docker? I’d need it to run on the same host.

    • dan@upvote.au
      link
      fedilink
      arrow-up
      0
      ·
      9 months ago

      Are your Docker containers connecting to the network (eg using ipvlan or macvlan)? The default bridge network driver doesn’t expose the container publicly unless you explicitly expose a port. If you don’t expose a port, the Docker container is only accessible from the host, not from any other system on the network.

        • dan@upvote.au
          link
          fedilink
          arrow-up
          0
          ·
          9 months ago

          If you don’t want the Docker container to be accessible from other systems then just don’t publish the port.

          • PlexSheep@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            9 months ago

            Yeah of course, that’s what I’m doing anyways, but the purpose of a firewall would be defense in depth, even is something were to be published, the firewall got it.