Docker, How to make published ports unreachable from outside the host?

Question

Used Docker version: 19.03.12

When I map a port in the container to a port on the Docker host, this port is automatically accessible to the outside, although the iptables default policy is set to drop.

But the mapped port should only be available locally on the host.

What configurations I have to make in order to implement this?

What's your use-case for not having the port be accessible outside the host? — GregL, Sep 18 '20 at 16:18

score 0 · Answer 1 · answered Sep 19 '20 at 02:56

For mapped port you can specify docker to listen only on loopback interface. That way the port would not be accessible from outside.

Something like this assuming you want to map http port on the container:

$ docker run -p 127.0.0.1:80:80 -it <image name>

Docker, How to make published ports unreachable from outside the host?

1 Answers1