Docker Networking and Security


This page shows what’s done to block all inbound traffic except for http, https, ssh and icmp traffic. In other words, how access to mongo, solr etc is blocked from outside.

The major issue here is that docker overrides iptables rules and we need to do a workaround for that. What’s below is just a workaround


  • First we need to install iptables-persistent on our servers

   apt-get install iptables-persistent
  • Restart docker

service docker restart
  • Block access to container ports from outside world. The commands below make sure that they are inserted on top of the DOCKER chain

iptables -I DOCKER 1 -p tcp ! -s --dport 6379 -j DROP
iptables -I DOCKER 1 -p tcp ! -s --dport 8983 -j DROP
iptables -I DOCKER 1 -p tcp ! -s --dport 8000 -j DROP
iptables -I DOCKER 1 -p tcp ! -s --dport 5555 -j DROP
iptables -I DOCKER 1 -p tcp ! -s --dport 27017 -j DROP
  • Finally save iptables