
I have multiple Docker containers on a CentOS 7 host and all their network interfaces are added to the Docker firewalld zone.

I only want to block one of the containers from accepting traffic on port 22, not all the containers.

I added:

iptables -I DOCKER-USER -p tcp -i br-a4faf253d1ff ! -s 10.2.0.4 --dport 22 -j REJECT

but it did not make a difference. How do I block ports on specific interfaces for Docker containers?

  • Can't you just not map the port when you run the container? The `-I` in your command means 'insert', and IPTables is order-dependent, so it might just be the rule is in the wrong place. – shearn89 Jan 10 '22 at 08:54
  • When I ran this I did not even see the record added if I run iptables -S – Danie de Jager Jan 11 '22 at 09:02
  • Sorry, when you ran what? The command in your question? How do you run the actual container? – shearn89 Jan 11 '22 at 10:16

1 Answer


The problem was someone added a port-forward rule under the firewalld zone for docker that took all port 22 traffic and redirected it to the docker container. Removing this forward fixed my issue.
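As an added example (not part of the question or the answer above): a small POSIX shell script that finds the kind of forward-port entry the answer describes. It parses the text of `firewall-cmd --zone=<zone> --list-all`, lists every `forward-ports:` entry, and for entries whose external port matches prints the `firewall-cmd --remove-forward-port=...` command that deletes it. It runs against a constructed copy of that output embedded below (zone name `docker`, interface name reused from the question, container addresses hypothetical); on a real host replace the sample with the live command output.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Finds firewalld forward-port entries that redirect a given port into a
# container and prints the firewall-cmd command that removes each one.

# Constructed sample of `firewall-cmd --zone=docker --list-all` output.
# The first forward-port entry is the one that steals port 22; the
# container addresses are hypothetical.
SAMPLE_ZONE_OUTPUT='docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: br-a4faf253d1ff docker0
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports: port=22:proto=tcp:toport=22:toaddr=172.18.0.2
        port=8080:proto=tcp:toport=80:toaddr=172.18.0.3
  source-ports:
  icmp-blocks:
  rich rules:'

# list_forward_ports ZONE_OUTPUT
# Prints each forward-port entry (port=..:proto=..:toport=..:toaddr=..)
# on its own line. firewalld prints the first entry on the
# "forward-ports:" line and further entries indented beneath it, so we
# stay in the block until the next "<key>:" line starts.
list_forward_ports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*forward-ports:/ {
            inblock = 1
            sub(/^[[:space:]]*forward-ports:[[:space:]]*/, "")
            if ($0 != "") print
            next
        }
        inblock && /^[[:space:]]*[a-z-]+:/ { inblock = 0 }
        inblock {
            sub(/^[[:space:]]+/, "")
            if ($0 != "") print
        }
    '
}

# forward_port_removals PORT ZONE ZONE_OUTPUT
# For every entry whose external port is PORT, print the firewall-cmd
# invocation that removes it from the permanent configuration.
forward_port_removals() {
    port="$1"; zone="$2"; out="$3"
    list_forward_ports "$out" | while IFS= read -r entry; do
        case "$entry" in
            "port=$port:"*)
                printf 'firewall-cmd --permanent --zone=%s --remove-forward-port=%s\n' \
                    "$zone" "$entry" ;;
        esac
    done
}

# Run against the constructed sample. On the host, use
#   forward_port_removals 22 docker "$(firewall-cmd --zone=docker --list-all)"
forward_port_removals 22 docker "$SAMPLE_ZONE_OUTPUT"
```

The printed command edits the permanent configuration, so follow it with `firewall-cmd --reload`; drop `--permanent` to remove the entry from the running configuration immediately. Two checks worth making while you are there: the forward-port rule lives in firewalld's nat table and is applied before a filter-table rule in DOCKER-USER ever sees the packet, which is why the REJECT rule in the question could not help; and DOCKER-USER is reached from FORWARD, where traffic heading into a container leaves the host through the bridge, so a rule meant to protect a container should match the bridge with `-o`, not `-i`.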