I'm setting up a homelab with OpenMediaVault and have several Docker containers running, including an nginx proxy manager on port 8085. I want to configure my firewall to block all incoming connections to this port, but allow access only from my local admin PC with the IP address 10.5.1.2. I've already set this up successfully for SSH, but I'm running into issues with Docker. It seems like the iptables rules are being bypassed because Docker manages some of its own iptables. I'm currently using a custom bridge network for my containers. I want to ensure that my default firewall can effectively handle all incoming connections first. Any suggestions on how to achieve this or a better approach?
4 Answers
You're on the right track, but remember that Docker routes through the FORWARD chain, not the INPUT one. You may want to use the DOCKER-USER chain for your rules, as it processes packets before they hit the FORWARD chain. For example, you can set up rules that allow traffic from your admin IP while dropping everything else. Just keep in mind that iptables processes rules from top to bottom, so the order matters! Remember that container packets are forwarded, not directly handled by INPUT.
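As an added illustration of the DOCKER-USER approach described in this answer (example script, not code from the thread or from Docker's own documentation): it generates the two rules that let only the admin host reach the published port, in the order that leaves the allow rule above the drop rule, and it includes a check you can run on the live `iptables -S DOCKER-USER` listing to confirm that order. Assumed values are the LAN-facing interface `eth0` (set `EXT_IF` to yours), the admin IP 10.5.1.2 and port 8085 from the question, and iptables being the backend Docker uses. Because Docker's DNAT in PREROUTING runs before the FORWARD chain, the port is matched via conntrack's original destination port rather than `--dport`.

```shell
#!/bin/sh
# Added example, not code from the thread. Restricts the Docker-published port
# 8085 to the admin host 10.5.1.2 via the DOCKER-USER chain. Assumptions: the
# LAN-facing interface is eth0 (override with EXT_IF), and Docker is driving
# iptables. Forwarded container traffic never reaches the host's INPUT chain,
# so the SSH-style INPUT rule from the question does not apply to it.

EXT_IF="${EXT_IF:-eth0}"
ADMIN_IP="${ADMIN_IP:-10.5.1.2}"
PORT="${PORT:-8085}"

# gen_rules prints the iptables commands in the order they must run. Both use
# -I (insert at position 1): the DROP goes in first and the admin RETURN
# second, so the final chain has the allow rule above the drop rule.
# --ctorigdstport matches the port the client connected to, before DNAT;
# --ctdir ORIGINAL limits the match to client-to-container packets.
gen_rules() {
    ext_if="$1"; admin_ip="$2"; port="$3"
    match="-i $ext_if -p tcp -m conntrack --ctorigdstport $port --ctdir ORIGINAL"
    printf '%s\n' "iptables -I DOCKER-USER $match -j DROP"
    printf '%s\n' "iptables -I DOCKER-USER $match -s $admin_ip -j RETURN"
}

# check_order reads an `iptables -S DOCKER-USER` listing on stdin and returns 0
# only if the first rule for the port is the admin RETURN and a DROP for the
# same port follows it. Run it after applying, e.g.:
#   iptables -S DOCKER-USER | check_order 10.5.1.2 8085
check_order() {
    admin_ip="$1"; port="$2"
    grep -- "ctorigdstport $port" | awk -v ip="$admin_ip" '
        NR == 1 && $0 ~ ("-s " ip "(/32)? ") && /-j RETURN$/ { first_ok = 1 }
        NR > 1 && /-j DROP$/ { drop_after = 1 }
        END { exit (first_ok && drop_after) ? 0 : 1 }'
}

# apply_rules prints each command and executes it only when APPLY=1 (as root).
apply_rules() {
    gen_rules "$EXT_IF" "$ADMIN_IP" "$PORT" | while read -r cmd; do
        printf '+ %s\n' "$cmd"
        if [ "${APPLY:-0}" = 1 ]; then $cmd; fi
    done
}

apply_rules
```

Run it once without `APPLY=1` to review the generated commands, then with `APPLY=1` as root; the rules live only in memory, so persist them with your distribution's iptables-save mechanism. If the container is also published on IPv6, the same two rules are needed in ip6tables. Note that the host-IP form of `-p` (`-p HOST_IP:8085:8085`) picks which host interface the port is published on; it does not filter by client address, so the DOCKER-USER rules are what actually enforce "admin PC only".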
That’s a classic Docker situation! You can bind the port when creating your container to your admin PC's IP address using the `-p` flag. So it would look like `-p 10.5.1.2:8085:8085`. Just keep in mind that binding to the same IP as your admin PC might create conflicts if that IP is in use elsewhere. You might want to check the network settings to prevent any IP conflicts.