Docker – firewalld not blocking docker container ports

Tags: centos7, docker, firewalld

I want to explicitly open ports on my CentOS 7 machine, so I've configured firewalld with drop as the default zone and my external zone on my public-facing interface. When I run python -m SimpleHTTPServer 8000 and hit the box on port 8000, it fails. But if I add the port to the external zone, it works. All as expected.

However, when I start a docker container on port 8000 and I hit the box externally, I can get to the service, which is not what I want to happen. I want that to only be accessible if I open port 8000 on zone external.

Even if I bind the docker container to the public address of the box, it still gets around the firewall. I can provide more information if needed, like route tables and interface configuration, but I don't quite know what's useful. Looking to learn.

The box has two physical interfaces on it: eth0, which has a public IP assigned to it, and eth1, which is connected to the private network and which I want to be accessible.

EDIT SOLVED
Added --iptables=false to the docker options.

Best Answer

Remember that Docker opens the ports in the firewall unless you explicitly told it not to.

Just needed to add --iptables=false to the docker options.
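The reason the container is reachable is that Docker publishes a port by adding a DNAT rule in the nat table's DOCKER chain (jumped to from PREROUTING); the redirected packet is then evaluated in filter/FORWARD, never in filter/INPUT, which is where firewalld's zone rules for the host live. The added example below (not part of the question or the accepted answer) is a small POSIX shell check that finds those Docker-managed DNAT rules in an `iptables -S -t nat` dump, plus a helper that writes the daemon.json equivalent of `--iptables=false`. The rule dump is constructed to match what a container started with `-p 8000:80` produces; the function names, the sample rules and the 172.17.0.2 container address are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Inspects Docker's nat rules to
# show which host ports are being published behind firewalld's back, and
# writes a daemon.json that turns Docker's iptables management off.

# Constructed sample of `iptables -S -t nat` on a docker host after
# `docker run -p 8000:80 ...` (illustrative; not captured from a real box).
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.17.0.2:80'

# docker_published_ports RULES
# Prints one "hostport -> container:port" line per DNAT rule in the DOCKER
# chain. These are the ports reachable regardless of the firewalld zone,
# because the packet is DNATed in PREROUTING and handled in FORWARD, not INPUT.
docker_published_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "-A" && $2 == "DOCKER" && /-j DNAT/ {
            port = ""; dest = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            print port " -> " dest
        }'
}

# docker_publishes_anything RULES
# Exit status 0 if Docker has published at least one port, 1 otherwise.
docker_publishes_anything() {
    [ -n "$(docker_published_ports "$1")" ]
}

# write_iptables_false PATH
# Writes a daemon.json equivalent to passing --iptables=false to dockerd.
# Note: with this setting Docker adds neither the DNAT rules (so -p does
# nothing) nor the MASQUERADE rule, so containers lose outbound NAT unless
# you add that rule yourself.
write_iptables_false() {
    printf '{\n  "iptables": false\n}\n' > "$1"
}

# On a live host you would feed the real dump instead of the sample:
#   docker_published_ports "$(iptables -S -t nat)"
docker_published_ports "$SAMPLE_NAT_RULES"
```

Run the check before and after restarting dockerd with the new option: before, it lists `8000 -> 172.17.0.2:80` even though firewalld's external zone has no rule for 8000; after, the DOCKER chain is empty and the port is only reachable once you open it in the zone yourself. If you still want Docker to manage NAT but keep control of what is exposed, newer Docker versions evaluate a DOCKER-USER chain in filter/FORWARD before their own rules, and firewall rules placed there are honoured.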
