Docker: limit outgoing connections to the localhost only, while allowing all incoming connections

About

Asked 20/7, 2021 at 15:54 Answered 21/7, 2021 at 16:4

Solved docker network-programming firewall iptables

Some programs in my docker container are making unwanted requests to e.g. Google Analytics and other tracking software, sharing my information. I want to block all this traffic, while still being able to access the docker from outside.

I tried adding the --network=host, this worked correctly, only allowing localhost access from inside the container, but also blocked all external incoming connections.

Is there a way to limit the outgoing connections to the localhost only, while still allowing incoming external connections? I only want to enforce this on a specific docker container, not for my entire system.

Any feedback is appreciated.

Virulence answered 20/7, 2021 at 15:54 Comment(0)

I found a working solution for my problem in another thread:

docker network create --subnet 172.19.0.0/16 no-internet
sudo iptables --insert DOCKER-USER -s 172.19.0.0/16 -j REJECT --reject-with icmp-port-unreachable
sudo iptables --insert DOCKER-USER -s 172.19.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN

When starting a docker container add:

--network no-internet

After this, I cannot connect to the internet from inside the container. However, I can still access the container ports from the outside.

Virulence answered 21/7, 2021 at 16:4 Comment(1)

Thanks! Beside that maybe someone would like to connect to docker host then just check what is your docker host address e.g. 172.17.0.1, check using ip addr. Use this instead 127.0.0.1 – Joselynjoseph 27/3, 2023 at 14:44

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags