
Is there a way to disallow all traffic in Docker container except for traffic from/to the host?

For security reasons, I do not want the container to be able to connect to the internet or scan other devices on the main network. Defining specific ports the host and container can talk through would be ideal.

Possible example:

Allow: `host(192.168.0.2:7777) <----> container(192.168.5.1:6666)`

Disallow: everything else

My attempt:

```shell
docker network create --driver=bridge --subnet=192.168.5.0/24 br0
docker run -it --net=br0 --rm --name ubuntutest robertxie/ubuntu-nettools:latest
```

which assigns IP 192.168.5.2 to the container, but it also allows connections to the internet and to other devices.

  • Your problem may be similar to [this](https://stackoverflow.com/questions/39913757/restrict-internet-access-docker-container) – Juxuny Wu Jan 28 '20 at 18:34
  • Using the --internal flag blocked traffic with the host as well as access to the internet – P. Kon Jan 28 '20 at 18:50

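One way to get the "host only, fixed ports" behaviour the question asks for, as an added example that is not from the question or its comments: put the bridge-wide block in Docker's DOCKER-USER chain (the chain Docker documents for user rules, evaluated before its own FORWARD rules) and the per-port allowances in the host's INPUT and OUTPUT chains, since host-to-container traffic never passes through FORWARD. It assumes the `br0` network from the question, that the host's address on that bridge is its gateway 192.168.5.1, that the container is 192.168.5.2, and that the container listens on 6666 while the host listens on 7777; all of these values are constructed.

```shell
#!/bin/sh
# Added example, not from the question: confine a container on the user-defined
# bridge "br0" to host-only traffic on fixed ports.
# Constructed assumptions: host side of the bridge is its gateway 192.168.5.1,
# the container is 192.168.5.2, the container serves 6666, the host serves 7777.
NET=${NET:-br0}
CT_IP=${CT_IP:-192.168.5.2}
CT_PORT=${CT_PORT:-6666}
HOST_IP=${HOST_IP:-192.168.5.1}
HOST_PORT=${HOST_PORT:-7777}

# Docker names a user-defined bridge "br-" + the first 12 chars of the network id.
bridge_iface() { printf 'br-%s' "$(docker network inspect -f '{{.Id}}' "$1" | cut -c1-12)"; }

# Emit the iptables commands, one per line, in the order they must be run.
# DOCKER-USER is evaluated before Docker's own FORWARD rules, so dropping everything
# forwarded in from the bridge cuts internet and LAN access (and replies for any
# -p published ports, which is intended here). Host<->container packets never
# traverse FORWARD: container-to-host is INPUT on the host, host-to-container is
# OUTPUT, so the port limits live there. Each -I goes to the top of its chain, so
# the final order in INPUT/OUTPUT is: conntrack ACCEPT, port ACCEPT, DROP.
rules_for() {  # args: iface ct_ip ct_port host_ip host_port
  printf '%s\n' \
    "iptables -I DOCKER-USER -i $1 -j DROP" \
    "iptables -I INPUT -i $1 -j DROP" \
    "iptables -I INPUT -i $1 -s $2 -d $4 -p tcp --dport $5 -j ACCEPT" \
    "iptables -I INPUT -i $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -I OUTPUT -o $1 -j DROP" \
    "iptables -I OUTPUT -o $1 -s $4 -d $2 -p tcp --dport $3 -j ACCEPT" \
    "iptables -I OUTPUT -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Apply the rules (needs root). Verify afterwards with:
#   iptables -S DOCKER-USER; iptables -S INPUT; iptables -S OUTPUT
#   docker exec ubuntutest nc -zv -w2 192.168.5.1 7777   # should connect
#   docker exec ubuntutest nc -zv -w2 1.1.1.1 443        # should time out
apply_rules() {
  iface=$(bridge_iface "$NET")
  rules_for "$iface" "$CT_IP" "$CT_PORT" "$HOST_IP" "$HOST_PORT" | while read -r cmd; do
    echo "+ $cmd"
    sh -c "$cmd" </dev/null
  done
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

The rules are not persistent and are tied to the bridge interface name, which changes if the network is recreated, so reapply them at boot (for example via iptables-persistent or a systemd unit ordered after docker.service).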