
Unable to filter bound ports to only some source IPs #14105

@mitar


I would like to filter who can connect to the port I have bound to the host. But it seems that this is non-trivial to do with Docker. The reason is that it adds NAT rules into the FORWARDing iptables table, so a DROP inside INPUT does not match. One cannot DROP in PREROUTING, and after the FORWARD table the port is not the same as it is outside, but is already mapped to the internal port. I would like to use the external port so that if I change internals, outside firewall rules do not have to change.
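One way to filter on the external port, as an added example that is not part of the original issue and is not Docker's own code: match the pre-DNAT destination port with the iptables conntrack extension inside the `DOCKER-USER` chain. It assumes a Docker version that creates `DOCKER-USER`; the function name, the `PUB-...` chain name, `eth0`, port 8080 and the documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Docker's code). Prints iptables commands that limit a
# published port to an allowlist of source addresses, matching on the
# EXTERNAL port via conntrack so container-side port changes do not matter.
# Assumptions: the Docker version in use creates the DOCKER-USER chain; the
# interface, port, chain name and addresses below are constructed samples.

# usage: docker_port_allowlist EXT_IF PROTO EXT_PORT CIDR [CIDR...]
docker_port_allowlist() {
    dpa_if=$1 dpa_proto=$2 dpa_port=$3
    [ "$#" -ge 4 ] || { echo "need at least one allowed source" >&2; return 1; }
    shift 3
    case $dpa_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $dpa_proto in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case $dpa_port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    if [ "$dpa_port" -lt 1 ] || [ "$dpa_port" -gt 65535 ]; then
        echo "bad port" >&2; return 1
    fi
    for dpa_src in "$@"; do
        # Reject anything that is not IPv4 CIDR characters before printing it.
        case $dpa_src in ''|*[!0-9./]*) echo "bad IPv4 CIDR: $dpa_src" >&2; return 1 ;; esac
    done

    dpa_chain="PUB-$dpa_proto-$dpa_port"
    echo "iptables -N $dpa_chain"
    for dpa_src in "$@"; do
        # Allowed sources return to DOCKER-USER and continue to Docker's rules.
        echo "iptables -A $dpa_chain -s $dpa_src -j RETURN"
    done
    echo "iptables -A $dpa_chain -j DROP"
    # --ctorigdstport: destination port before DNAT, i.e. the published port.
    # --ctdir ORIGINAL: skip replies to connections containers opened outbound.
    echo "iptables -I DOCKER-USER -i $dpa_if -p $dpa_proto -m conntrack" \
         "--ctorigdstport $dpa_port --ctdir ORIGINAL -j $dpa_chain"
}

# Constructed sample: host port 8080 reachable only from two documentation ranges.
docker_port_allowlist eth0 tcp 8080 192.0.2.10/32 198.51.100.0/24
```

The function only prints the rules; review the output and run it in a root shell to apply it.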
