• danA
    9 months ago

    Are your Docker containers connecting to the network (e.g. using ipvlan or macvlan)? The default bridge network driver doesn’t expose the container publicly unless you explicitly expose a port. If you don’t expose a port, the Docker container is only accessible from the host, not from any other system on the network.

      • danA
        9 months ago

        If you don’t want the Docker container to be accessible from other systems then just don’t publish the port.

        • PlexSheep@feddit.de
          9 months ago

          Yeah of course, that’s what I’m doing anyways, but the purpose of a firewall would be defense in depth, even if something were to be published, the firewall got it.
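
An added example, not part of the thread: one way to audit which containers other systems can reach, based on the cases discussed above (a published port, or a macvlan/ipvlan network). The sample data is constructed in the shape of `docker inspect` and `docker network inspect` output; the function name is hypothetical, and the check for host network mode goes beyond what the thread mentions.

```python
import ipaddress

# Constructed sample data, trimmed to the fields used here, in the shape of
# `docker inspect <container>` and `docker network inspect <network>` output.
SAMPLE_CONTAINERS = [
    {"Name": "/web", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Networks": {"bridge": {}}, "Ports": {
         "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
    {"Name": "/db", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Networks": {"bridge": {}}, "Ports": {
         "5432/tcp": None}}},  # exposed by the image, never published
    {"Name": "/admin", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Networks": {"bridge": {}}, "Ports": {
         "9000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "9000"}]}}},
    {"Name": "/dns", "HostConfig": {"NetworkMode": "lan"},
     "NetworkSettings": {"Networks": {"lan": {}}, "Ports": {}}},
]
SAMPLE_NETWORKS = [{"Name": "bridge", "Driver": "bridge"},
                   {"Name": "lan", "Driver": "macvlan"}]


def reachable_from_network(containers, networks):
    """Map container name -> reasons other systems on the network can reach it."""
    drivers = {n["Name"]: n["Driver"] for n in networks}
    findings = {}
    for c in containers:
        reasons = []
        if c["HostConfig"]["NetworkMode"] == "host":
            reasons.append("shares the host network namespace")
        for net in c["NetworkSettings"]["Networks"] or {}:
            if drivers.get(net) in ("macvlan", "ipvlan"):
                reasons.append(f"attached to {drivers[net]} network '{net}'")
        for port, binds in (c["NetworkSettings"]["Ports"] or {}).items():
            for b in binds or []:  # None means exposed but not published
                host_ip = b["HostIp"] or "0.0.0.0"  # empty string = all addresses
                if not ipaddress.ip_address(host_ip).is_loopback:
                    reasons.append(f"{port} published on {host_ip}:{b['HostPort']}")
        if reasons:
            findings[c["Name"].lstrip("/")] = reasons
    return findings


if __name__ == "__main__":
    found = reachable_from_network(SAMPLE_CONTAINERS, SAMPLE_NETWORKS)
    for name, reasons in found.items():
        print(name, "->", "; ".join(reasons))
```

On a real host the two inputs would come from `docker inspect` over the running containers and `docker network inspect` over the defined networks, parsed as JSON.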