I realized that Docker recently added integration with firewalld, and I just want to set up my server using firewalld instead of boring iptables rules and chains.
This is my docker zone output:
root@test:~# sudo firewall-cmd --zone=docker --list-all
docker (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: br-0a659f93a5b6 br-be2e44b2b069 docker0
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
I had run multiple services, including Laravel (nginx port binding 80 -> 5050), MySQL, etc., with the above config. I expected that no one could access ports 5050 and 3306 (MySQL), but unfortunately the firewall has no effect and everything is open and accessible from outside.
Now, how do I really configure firewalld to drop every request except allowed ports?