I am running a Gentoo host with an Ubuntu container in Docker. They communicate via a bridge automatically created by Docker. I would like to drop all traffic for 192.168.0.0/16 th
As @DRC said, use:
iptables -I FORWARD -i docker0 -d 192.168.0.0/16 -j DROP
Nevertheless, this rule will block traffic from your local network to your container (the connection will be established but your container won't be able to respond).
To allow connections from your local network to your container, you also have to add:
iptables -I FORWARD -i docker0 -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
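The following script is an added example, not part of the answer above: it installs the answer's two rules so that the ACCEPT for reply traffic always ends up above the DROP, even when one of them is already present. The names `IPT`, `dry_run`, `replace_rule` and `apply_rules` are assumptions of this example, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: install the two FORWARD rules from the answer in a safe order.
# Set IPT=iptables (as root) to apply them; the default only prints commands.

BRIDGE="docker0"          # bridge interface used in the answer
LAN="192.168.0.0/16"      # destination network from the question

# Dry-run stand-in for iptables: reports "rule not present" for -C
# and prints every other invocation instead of executing it.
dry_run() {
    [ "$1" = "-C" ] && return 1
    echo "iptables $*"
}
IPT="${IPT:-dry_run}"

# Remove every existing copy of a rule, then insert it at the top of FORWARD.
# Re-inserting (rather than skipping a rule that exists) keeps the relative
# order correct no matter what state the chain was in before.
replace_rule() {
    while $IPT -C FORWARD "$@" 2>/dev/null; do
        $IPT -D FORWARD "$@"
    done
    $IPT -I FORWARD "$@"
}

apply_rules() {
    # -I inserts at position 1, so the rule inserted last is matched first.
    # 1) Drop everything the container sends towards the LAN.
    replace_rule -i "$BRIDGE" -d "$LAN" -j DROP
    # 2) Inserted afterwards, so it sits above the DROP: replies that belong
    #    to connections opened from the LAN are still let through.
    replace_rule -i "$BRIDGE" -d "$LAN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

apply_rules
```
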