Docker-ce oppening Firewalld ports on rocky 8

Question

Docker-cd, when run with -p 3010:3010 bypass the firewall and open the container port to the world... If i disable docker and run a python -m http.server, the port is blocked to the outside (as it should, the default rule is drop) but after the docker run, docker opens it. This prevents me from running a database or a redis with docker, without these services beeing expoded to the world.

I tried: --iptables=false, but got: unknown flag: --iptables

(as sugestes in a similar question: firewalld not blocking docker container ports)

Anyone knows how to prevent docker from oppening holes in my firewall?

score 1 · Accepted Answer · answered May 12 '22 at 01:36

1

If you don't want to expose a containerized service to the world, just bind it to the loopback address:

docker run -p 127.0.0.1:3010:3010 ...

Now -- regardless of your firewall settings -- this service will only be accessible locally.

answered May 12 '22 at 01:36

larsks

43,623
14
121
180

i didnt even know that syntax was valid! Thx! – Techmago May 19 '22 at 19:24

Docker-ce oppening Firewalld ports on rocky 8

1 Answers1