Docker and fire-walling
- The Docker daemon adds an entry to the host's iptables every time a container publishes a port on the host
- https://fralef.me/docker-and-iptables.html
- There are open-source projects that wrap this behaviour and prevent it, instead making a single generic ALLOW entry for the port
- Weave network for Docker
- Excellent Docker
Look at docker-fw or dfwfw: these are essentially interceptors for the Docker daemon/engine that provision some iptables entries in between. The best part is that these services run as a Docker image in privileged mode and do the magic; they also include DNS servers.
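As an added example (not from the post or from the docker-fw/dfwfw projects), this script shows what the per-port iptables entries described above look like and how to audit them: it parses a constructed sample of `iptables -t nat -S DOCKER` output, lists the published ports that Docker exposed on all host interfaces (and so bypass any INPUT-chain firewall rules), and prints a DOCKER-USER chain rule of the form Docker documents for restricting that traffic. The interface name and subnet passed to docker_user_rule are placeholders.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S DOCKER` (not captured from a real
# host): port 8080 is published on all interfaces, port 5432 only on loopback
# (what `-p 127.0.0.1:5432:5432` produces).
SAMPLE_NAT_RULES='-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432'

# Print "proto dport -> container" for every DNAT rule in the DOCKER chain
# that carries no "-d <addr>" restriction, i.e. a port Docker published on
# every host interface. Host firewall rules in INPUT never see this traffic,
# because it is DNATed in PREROUTING and then traverses FORWARD.
world_exposed_ports() {
    printf '%s\n' "$1" | awk '
        /^-A DOCKER / && /-j DNAT/ && !/ -d [0-9]/ {
            proto = ""; dport = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") target = $(i + 1)
            }
            print proto, dport, "->", target
        }'
}

# Emit the DOCKER-USER rule Docker documents for restricting published ports:
# DOCKER-USER is evaluated before Docker's own FORWARD rules and is never
# rewritten by the daemon, so one generic rule covers every published port.
# Arguments: external interface and the CIDR allowed to reach containers
# (both placeholders to adapt).
docker_user_rule() {
    ext_if="$1"; allowed_cidr="$2"
    printf 'iptables -I DOCKER-USER -i %s ! -s %s -j DROP\n' "$ext_if" "$allowed_cidr"
}

# Stand-alone usage: audit the sample, then show the restricting rule.
world_exposed_ports "$SAMPLE_NAT_RULES"
docker_user_rule eth0 10.0.0.0/24
```

Run it against live output with `world_exposed_ports "$(iptables -t nat -S DOCKER)"`; any line it prints is a port reachable from every network the host is on, regardless of INPUT rules.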