Block port on Docker containers using iptables

docker iptables docker-compose

I have a service running on port 3007 in Docker, it's set up like this:

services:
    api:
        ports:
        - 3007:80

I tried adding a rule to the DOCKER-USER chain to block nonlocal traffic on that port:

iptables -I DOCKER-USER -p tcp --dport 3007 ! -s 127.0.0.1 -j DROP

However, this didn't work. Looking at the rules on the DOCKER chain it seems like the forwarded ports are the the ones on the inside of the container (80 and not 3007), so I'm not sure how to go about managing access to them.


Solution 1:

Bind the exposed port to the loopback interface.

services:
    api:
        ports:
        - "127.0.0.1:3007:80"

Related

why is this DMARC failing verification?
Using PHPMailer on Hostgator (timeout when try to login into SMTP server)
AWS CLI copy life-cycle configuration between buckets
How to overcome the Weaker MD4 hash issue with samba
How do I set current Unix time in milliseconds?
Your request failed. Use a different payment method, or contact us. Learn more [OR-CCSEH-21] Google Cloud
Windows server 2016 Security Log - Remove extra description text?
Where to get debian mirror status?
Name based virtual hosts cause NET::ERR_CERT_COMMON_NAME_INVALID
Will setting lower TTL on name server (NS) records cause the TTLs on other records to lower?
I can't use vmware on rdp win server error hyper-v [closed]
How can I change the local IP a virtual machine in VmWare NAT DHCP?