I would like to be able to prevent docker containers connected to a bridge network from accessing my local network in order to add extra security since they will be accessible from outside (in case a container is compromised). I saw that I should probably use ebtables or the physdev module of iptables, but I can't create a rule that works. Thanks to anyone who can help me.
2 Answers

After some research and if anyone is interested, it is possible to use ebtables. Do not forget to replace the 172.18.0.0/16 subnet with the one on which your containers are connected.

I was stumbling through this myself and found one solution was to insert (-I) a new rule into the DOCKER-USER chain. Please see this answer: https://stackoverflow.com/a/73994723/20189349
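The DOCKER-USER approach from the second answer, written out as an added example (this is not code from either answer or from the linked post). It assumes the 172.18.0.0/16 bridge subnet named above and a constructed sample LAN list (192.168.1.0/24 and 10.0.0.0/8) that you replace with your own; the rules are only applied when the script is run with "apply" as root, otherwise it just prints them:

```shell
#!/bin/sh
# Added example: block bridge containers from reaching the local network
# via the DOCKER-USER chain. CONTAINER_NET is the subnet from the page;
# LAN_NETS is a constructed sample, replace it with your LAN prefixes.
CONTAINER_NET="${CONTAINER_NET:-172.18.0.0/16}"
LAN_NETS="${LAN_NETS:-192.168.1.0/24 10.0.0.0/8}"

# build_rules: print the rule bodies (everything after "iptables -I"), one
# per line, in the order they must be inserted so the final chain reads:
#   1. RETURN for established/related (replies to LAN clients of published ports)
#   2. DROP container -> each LAN prefix
# Docker ends DOCKER-USER with its own "-j RETURN", so appended (-A) rules
# never match; every rule is inserted (-I) at position 1, which is why the
# chain is emitted in reverse order.
build_rules() {
    for net in $LAN_NETS; do
        printf 'DOCKER-USER -s %s -d %s -j DROP\n' "$CONTAINER_NET" "$net"
    done
    printf 'DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN\n'
}

# rule_count: number of rules build_rules emits (sanity check before applying)
rule_count() { build_rules | wc -l | tr -d ' '; }

# apply_rules: insert each rule at the top of DOCKER-USER, skipping rules
# already present so the script is safe to re-run. Caveat: DOCKER-USER is
# consulted from FORWARD only, so this does not restrict container traffic
# to the Docker host's own addresses (that goes through INPUT).
apply_rules() {
    build_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        if iptables -C $rule 2>/dev/null; then
            echo "already present: $rule"
        else
            iptables -I $rule && echo "inserted: $rule"
        fi
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    echo "Rules that would be inserted (run with 'apply' as root):"
    build_rules | sed 's/^/iptables -I /'
fi
```

Verify afterwards with `iptables -L DOCKER-USER -n --line-numbers`; the RETURN rule must sit above the DROP rules and all of them above Docker's own RETURN.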