I'm trying to set up a Docker container using an isolated network. I've created the network with the command `docker network create --driver bridge isolated_net` and I'm running my container with `docker run --network isolated_net --name my_container -it alpine`. The app I plan to run inside this container needs internet access, which is working well so far. However, I've noticed that the container's gateway, 172.17.0.1, seems to expose my host's listening ports, like SSH and SMB. How can I configure it so that the container has internet access but cannot reach these host ports?
2 Answers
Just be careful about your listening interfaces. Make sure you're not listening on 0.0.0.0, which exposes your services to all interfaces. Instead, specify the interfaces you want to publish.
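To make the "check your listening interfaces" advice concrete, here is an added audit script (not part of the original answer) that parses `ss -H -lntu` style output and reports every listening socket bound to a wildcard address (`0.0.0.0`, `*`, `[::]`), i.e. the ones a container can reach through the bridge gateway. The sample `ss` output embedded below is constructed for an offline run; on a real host pipe `ss -H -lntu` into `wildcard_listeners` instead.

```shell
#!/bin/sh
# Added example, not from the original post: find listening sockets that are
# bound to every interface and would therefore answer on a Docker bridge
# gateway address such as 172.17.0.1.

# Reads `ss -H -lntu` style lines on stdin (Netid State Recv-Q Send-Q
# Local:Port Peer:Port ...) and prints "proto local:port" for each socket
# whose local address is a wildcard.
wildcard_listeners() {
    awk '{
        proto = $1
        local = $5
        addr  = local
        sub(/:[^:]*$/, "", addr)        # drop the trailing ":port"
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            print proto, local
    }'
}

# Convenience wrapper: number of wildcard listeners on stdin.
count_wildcard_listeners() {
    wildcard_listeners | grep -c . || true
}

# Constructed sample in the format of `ss -H -lntu` (not captured from a
# real host): sshd and smbd on all interfaces, CUPS on loopback only,
# NetBIOS name service on all interfaces, a DHCP client on one address.
SAMPLE_SS_OUTPUT='tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 128  [::]:22          [::]:*
tcp   LISTEN 0 50   0.0.0.0:445      0.0.0.0:*
tcp   LISTEN 0 4096 127.0.0.1:631    0.0.0.0:*
tcp   LISTEN 0 4096 [::1]:631        [::]:*
udp   UNCONN 0 0    0.0.0.0:137      0.0.0.0:*
udp   UNCONN 0 0    192.168.1.10:68  0.0.0.0:*'

# Demo run on the constructed sample; expect four lines (22 on v4 and v6,
# 445, 137). CUPS on loopback and the DHCP client are correctly skipped.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | wildcard_listeners
```

Anything the script lists is reachable from the container unless the service itself is rebound: for the two services named in the question, `ListenAddress` in `sshd_config` and `interfaces` together with `bind interfaces only = yes` in `smb.conf` are the knobs that pin them to specific addresses.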
Your setup sounds a bit off. By default, containers don’t expose any ports unless you specifically tell them to, like with the `-p` flag. If you don't expose your ports, they won't be accessible from the container. What you might be experiencing could be related to how you're structuring your container and network settings. If outbound traffic is what you're aiming for, just avoid exposing those specific ports.
That's exactly what I'm trying to do! I just want to block access to the host's SSH and other services while keeping internet access. What’s the best way to achieve that?