I have a situation where I need to restrict the internet access of a container in a load balancer network. For example, in the picture below
Only container4
As stated in Bilal's answer, the internal network is a good solution if you do not need to expose the ports.
If you do need to expose the ports, the below solution using iptables does the job for my requirements:
docker network create --subnet 172.19.0.0/16 no-internet
sudo iptables --insert DOCKER-USER -s 172.19.0.0/16 -j REJECT --reject-with icmp-port-unreachable
sudo iptables --insert DOCKER-USER -s 172.19.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN
Then add --network no-internet when you run your docker container. For instance:
$ docker run -it --network no-internet ubuntu:focal /bin/bash
root@9f2181f79985:/# apt update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'
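The two rules in the answer above are both added with --insert, so the RELATED,ESTABLISHED RETURN rule ends up ahead of the REJECT rule, and that order is what keeps replies on published ports working. The following check is an added example, not part of the original answer: the function name check_no_internet_rules is hypothetical and the sample rule listing is constructed to mirror what `iptables -S DOCKER-USER` prints.

```shell
#!/bin/sh
# check_no_internet_rules SUBNET
# Reads `iptables -S DOCKER-USER` output on stdin and prints one of:
#   ok             RETURN (established) rule precedes the REJECT/DROP rule
#   wrong-order    blocking rule comes first, so replies are rejected too
#   missing-block  no REJECT/DROP rule for SUBNET (containers can reach out)
#   missing-return no RELATED,ESTABLISHED RETURN rule for SUBNET
# Exit status is 0 only for "ok".
check_no_internet_rules() {
    awk -v subnet="$1" '
        $1 == "-A" && $2 == "DOCKER-USER" {
            n++                       # position of this rule in the chain
            src = ""; target = ""; est = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # matches both "-m state --state" and "-m conntrack --ctstate"
                if ($i ~ /ESTABLISHED/) est = 1
            }
            if (src != subnet) next   # rule is not about our network
            if (target == "RETURN" && est && !ret) ret = n
            if ((target == "REJECT" || target == "DROP") && !blk) blk = n
        }
        END {
            if (!blk) { print "missing-block";  exit 1 }
            if (!ret) { print "missing-return"; exit 1 }
            if (ret > blk) { print "wrong-order"; exit 1 }
            print "ok"
        }'
}

# Constructed sample: the chain as it looks after running the two
# --insert commands from the answer in the order given.
SAMPLE_RULES='-N DOCKER-USER
-A DOCKER-USER -s 172.19.0.0/16 -m state --state RELATED,ESTABLISHED -j RETURN
-A DOCKER-USER -s 172.19.0.0/16 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN'

printf '%s\n' "$SAMPLE_RULES" | check_no_internet_rules 172.19.0.0/16

# On a live host (requires root):
#   sudo iptables -S DOCKER-USER | check_no_internet_rules 172.19.0.0/16
```

Rules added with the iptables command are not saved across a reboot, so running this check after a restart shows whether the restriction is still in place.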