I'm trying to block a specific IP address while using Docker, but I'm running into issues because Docker integrates with iptables. I attempted to use UFW, but it seems like the deny rules are placed outside of Docker's flow, meaning Docker processes the packet before it even hits the UFW rules.
I'm considering creating a new chain called BLACKLIST, adding the IP address there, and setting it up so that it returns if there's no match. The idea would be for the FORWARD chain to route through BLACKLIST before passing everything onto the Docker chains.
Does this sound like a good strategy? Also, will this setup remain in place after restarting the system or Docker itself?
2 Answers
You can use the DOCKER-USER chain and add your rule at the top like this: `iptables -I DOCKER-USER 1 -s <IP_ADDRESS> -j DROP`. This ensures that your rule is evaluated first for incoming packets meant for Docker containers. Good luck making it persistent though! Let me know if you figure that part out!
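An idempotent version of this approach, as an added example rather than code from the thread: it validates the address, checks with `iptables -C` before inserting so it can be re-run after every boot or Docker start without stacking duplicate rules, and takes the iptables binary from an assumed `$IPTABLES` variable so it can be dry-run.

```shell
#!/bin/sh
# Added example (not from the original thread). Blocks one source IPv4 address
# in front of Docker's forwarding path by inserting a DROP at position 1 of
# DOCKER-USER, the chain Docker evaluates before its own rules.
# Assumptions: the Docker daemon has already created DOCKER-USER (run this
# after docker.service), and IPTABLES may be overridden for testing.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix,
# each octet in 0..255; otherwise return 1.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
  addr="${1%%/*}"
  old_ifs="$IFS"; IFS=.
  set -- $addr            # split the address into its four octets
  IFS="$old_ifs"
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  return 0
}

# Insert "-s <ip> -j DROP" at the top of DOCKER-USER unless it is already there.
# Returns 2 on a bad address, otherwise the exit status of iptables.
block_ip() {
  ip="$1"
  valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
  if "$IPTABLES" -C DOCKER-USER -s "$ip" -j DROP 2>/dev/null; then
    echo "rule already present for $ip"     # -C succeeds only if the rule exists
    return 0
  fi
  "$IPTABLES" -I DOCKER-USER 1 -s "$ip" -j DROP && echo "blocked $ip in DOCKER-USER"
}

# Rules in the kernel do not survive a reboot on their own: either save them
# (iptables-save / netfilter-persistent) or re-run this script after Docker
# has started, which is safe because of the -C check above.
[ -n "$1" ] && block_ip "$1"
```

Because Docker creates DOCKER-USER itself, running the script before the daemon is up makes both the `-C` and `-I` calls fail, so order any boot-time invocation after Docker.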
Give it a shot and let us know how it goes! It can help a lot of people who run into the same issue.