• PlexSheep@feddit.de
    7 months ago

    What is a good firewall that can also block ports published with docker? I’d need it to run on the same host.

    • dan@upvote.au
      7 months ago

      Are your Docker containers connecting to the network (e.g. using ipvlan or macvlan)? The default bridge network driver doesn’t expose the container publicly unless you explicitly expose a port. If you don’t expose a port, the Docker container is only accessible from the host, not from any other system on the network.

        • dan@upvote.au
          7 months ago

          If you don’t want the Docker container to be accessible from other systems then just don’t publish the port.

          • PlexSheep@feddit.de
            7 months ago

            Yeah of course, that’s what I’m doing anyways, but the purpose of a firewall would be defense in depth, even if something were to be published, the firewall got it.
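
A check that fits the defense-in-depth goal in the thread above, added here as an example and not posted by anyone in the thread: it lists container ports that are published on a non-loopback host address, so an accidental publish is noticed. The function names and the sample data are constructed; the input is assumed to be the tab-separated output of `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```shell
#!/bin/sh
# Added example: report container ports published on a non-loopback address.
# Expected input, one container per line: NAME <tab> comma-separated port list,
# as printed by:  docker ps --format '{{.Names}}\t{{.Ports}}'

find_public_ports() {
    awk -F '\t' '
    {
        n = split($2, entries, ", *")
        for (i = 1; i <= n; i++) {
            e = entries[i]
            # No "->" means the port is only EXPOSEd, not published to the host.
            if (index(e, "->") == 0) continue
            addr = e
            sub(/->.*/, "", addr)        # keep the host side, "ADDR:PORT"
            sub(/:[0-9-]+$/, "", addr)   # drop the port or port range
            # Loopback bindings are reachable from the host only.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
            print $1 "\t" e
        }
    }'
}

# Constructed sample input (not real output from any host).
sample_docker_ps() {
    printf 'web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
    printf 'db\t127.0.0.1:5432->5432/tcp\n'
    printf 'cache\t6379/tcp\n'
}

# Demo on the sample. On a real host, pipe docker ps into the function instead:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_public_ports
sample_docker_ps | find_public_ports
```

Only `web` is reported for the sample: `db` is bound to loopback and `cache` is exposed but not published.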