
We have set up a Jupyter notebook (https://jupyter-notebook.readthedocs.io/en/latest/notebook.html) within a Docker container.

The idea is that users connect to Jupyter from a web browser on their personal computer, and then can analyse data which is provided by Postgres running on the container's host.

This works up to now: we used Docker's port mapping, and users can direct their browser to http://host-server.ch:8080 and the notebook opens.

To control access to the host and to avoid data leakage to the outside world we want to restrict the network setup so that:

  • outside world can connect to http://host-server.ch:8080 which is forwarded to port 8080 of the running container
  • from within the container connection to port 5432 on the host is allowed
  • all other connections from within the container are forbidden

Can this be done by configuring iptables on the host? I'm not an iptables expert.

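Added example, not part of the original question: one way to express the three requirements as host iptables rules. It assumes the container is attached to Docker's default bridge `docker0` and that Docker maintains the `DOCKER-USER` chain; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example; assumptions: bridge "docker0", DOCKER-USER chain present.

# container_rules BRIDGE DB_PORT
# Prints one iptables argument list per line, in the order to apply them.
container_rules() {
    br=$1
    db=$2
    # Container -> host traffic is delivered locally, so it traverses INPUT.
    # Rules are inserted at the top so an earlier broad ACCEPT cannot bypass them.
    echo "-I INPUT 1 -i $br -p tcp --dport $db -j ACCEPT"
    # Replies to connections the host opened towards the container.
    echo "-I INPUT 2 -i $br -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-I INPUT 3 -i $br -j DROP"
    # Container -> any other destination is routed, so it traverses FORWARD,
    # where Docker evaluates DOCKER-USER before its own rules.
    # RETURN lets replies to the published port 8080 continue to Docker's rules.
    echo "-I DOCKER-USER 1 -i $br -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # Everything the container initiates towards other networks is dropped.
    echo "-I DOCKER-USER 2 -i $br -j DROP"
}

# apply_rules BRIDGE DB_PORT  (must run as root)
apply_rules() {
    container_rules "$1" "$2" | while read -r rule; do
        # Word splitting of $rule into iptables arguments is intended here.
        iptables $rule || exit 1
    done
}

# Print the rules by default; apply them only when explicitly asked.
if [ "${1:-}" = "apply" ]; then
    apply_rules docker0 5432
else
    container_rules docker0 5432
fi
```

These rules cover IPv4 only and are not persistent across reboots. Inbound connections to the published port 8080 are unaffected because they enter on the external interface, not on the bridge.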