@beledouxdenis
Last active October 21, 2020 13:04
Docker - restrict internet

The goal is to restrict Docker processes to the LAN only while still being able to forward a port to the host, e.g. with -p 80:80.

docker network create lan
docker network inspect lan # copy network ip subnet, e.g. "Subnet": "172.18.0.0/16",
sudo iptables --insert DOCKER-USER -s 172.18.0.0/16 -j REJECT --reject-with icmp-port-unreachable
sudo iptables --insert DOCKER-USER -s 172.18.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN
docker run --network lan -p 8069:8069 ...

If port forwarding is not needed, the following is enough:

docker network create internal --internal
docker run --network internal ...
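The two iptables rules above only work if they end up in the right order: because `iptables --insert` puts each rule at the top of DOCKER-USER, the REJECT rule has to be inserted first so that the RELATED,ESTABLISHED RETURN rule lands above it; the other way round, reply traffic for the forwarded port is dropped. The script below, an added example that is not part of the gist, automates the manual "copy the subnet" step with `docker network inspect --format`, refuses an empty or malformed subnet, inserts the rules idempotently with `iptables -C`, and checks the resulting order from an `iptables -S DOCKER-USER` listing. The function names, the `DRY_RUN` variable and the sample listing in the comments are my own; `--format`, `-C`, `-I` and `-S` are standard docker/iptables options.

```shell
#!/bin/sh
# Added example (not the gist's own code). Assumes docker and iptables exist
# when run for real; with DRY_RUN=1 the iptables commands are only printed.
set -eu

# First IPv4 subnet of a Docker network, read with docker's Go template
# instead of copying it by hand from the JSON output.
network_subnet() {
    docker network inspect \
        --format '{{range .IPAM.Config}}{{.Subnet}}{{"\n"}}{{end}}' "$1" | head -n1
}

# Guard against an empty or malformed subnet: "iptables -s '' -j REJECT"
# would not filter the containers at all.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Rule specifications in the order they must be *inserted* (REJECT first,
# so that the RETURN rule ends up above it in the chain).
rules_for_subnet() {
    subnet=$1
    is_ipv4_cidr "$subnet" || { echo "invalid subnet: $subnet" >&2; return 1; }
    printf 'DOCKER-USER -s %s -j REJECT --reject-with icmp-port-unreachable\n' "$subnet"
    printf 'DOCKER-USER -s %s -m state --state RELATED,ESTABLISHED -j RETURN\n' "$subnet"
}

# Insert each rule only if an identical one is not already present
# (iptables -C), so re-running the script does not pile up duplicates.
apply_rules() {
    rules_for_subnet "$1" | while read -r rule; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -I $rule"
        elif ! sudo iptables -C $rule 2>/dev/null; then   # word splitting intended
            sudo iptables -I $rule
        fi
    done
}

# Read an "iptables -S DOCKER-USER" listing on stdin and succeed only if the
# RETURN rule for the subnet precedes the REJECT rule. Example listing:
#   -A DOCKER-USER -s 172.18.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN
#   -A DOCKER-USER -s 172.18.0.0/16 -j REJECT --reject-with icmp-port-unreachable
order_ok() {
    awk -v s="$1" '
        $0 ~ "-s " s " " && /-j RETURN/ && !rej { ret = 1 }
        $0 ~ "-s " s " " && /-j REJECT/         { rej = 1 }
        END { exit (ret && rej) ? 0 : 1 }'
}

# Full procedure: network name as argument (defaults to "lan").
main() {
    net=${1:-lan}
    docker network inspect "$net" >/dev/null 2>&1 || docker network create "$net" >/dev/null
    subnet=$(network_subnet "$net")
    apply_rules "$subnet"
    if [ "${DRY_RUN:-0}" != 1 ]; then
        sudo iptables -S DOCKER-USER | order_ok "$subnet" ||
            { echo "DOCKER-USER rule order is wrong for $subnet" >&2; exit 1; }
    fi
}

[ "${0##*/}" = "restrict-docker.sh" ] && main "$@"
```

Run it as `DRY_RUN=1 sh restrict-docker.sh lan` first to see the exact iptables commands; the real run then creates the network if needed, inserts both rules once, and fails loudly if the chain order is not what the forwarded port needs.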