Docker and Firewalld – Opening Ports on Rocky Linux 8

docker firewalld redhat rocky-linux

Docker-cd, when run with -p 3010:3010, bypasses the firewall and opens the container port to the world…
If I disable docker and run a python -m http.server, the port is blocked to the outside (as it should be, the default rule is drop), but after the docker run, docker opens it.
This prevents me from running a database or a redis with docker without these services being exposed to the world.

I tried: --iptables=false, but got: unknown flag: --iptables

(as suggested in a similar question: firewalld not blocking docker container ports)

Does anyone know how to prevent docker from opening holes in my firewall?

Best Answer

If you don't want to expose a containerized service to the world, just bind it to the loopback address:

docker run -p 127.0.0.1:3010:3010 ...

Now -- regardless of your firewall settings -- this service will only be accessible locally.
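
To check which containers on a host are still published on all interfaces rather than on loopback, the port column of docker ps can be audited. The script below is an added example, not part of the original answer; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list container ports published on every interface.
# Expected input, one container per line: "<name><TAB><ports>", e.g. from
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_world_published() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "6379/tcp" without "->" is only exposed, not published.
            if (m !~ /->/) continue
            # 0.0.0.0 (IPv4) and :: or [::] (IPv6) mean "all interfaces".
            if (m ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1 " " m
        }
    }'
}

# Constructed sample of docker ps output, so the script runs offline.
sample_ps_output() {
    printf 'web\t0.0.0.0:3010->3010/tcp, :::3010->3010/tcp\n'
    printf 'redis\t127.0.0.1:6379->6379/tcp\n'
    printf 'db\t5432/tcp\n'
}

# Only "web" is reported; "redis" is bound to loopback, "db" is unpublished.
sample_ps_output | find_world_published
```

On a real host, pipe the docker ps command from the header comment into find_world_published instead of the sample.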
