I have been trying to configure CSF and Docker under a Plesk server. There are many posts in forums reporting that when Docker creates a NAT redirect to a certain port, that port is exposed to the entire world. I tried to use this csfpost tool but apparently it hasn't worked.

Apparently Docker is setting up a DOCKER-USER chain, so I managed to isolate Docker only within the server using this iptables rule:

    -A DOCKER-USER -i ethernet_external_interface -j DROP

In some way, installing netfilters tool for saving iptables rules, I have managed to store a set of iptables rules under /etc/iptables/rules.v4 that work. Now if I restart the server or only the iptables service, the configuration works, Docker works and the port is not exposed publicly.

If I restart csf or run csf -r, then some of the DOCKER rules are removed, so I have to restart iptables again; that way I have csf running and the Docker rules are back in place.

If I grep under /etc/iptables/rules.v4 all docker related entries I get:
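
Added example (not part of the original post): a POSIX shell check that compares a saved ruleset in iptables-save format, such as /etc/iptables/rules.v4, against the live rules, lists the Docker-related chains and rules that are no longer loaded after a csf restart, and confirms whether the DOCKER-USER DROP rule is still present. The interface name eth0 and both rulesets are constructed sample data; on a real host the live file would be the output of iptables-save.

```shell
#!/bin/sh
# Added example; eth0 and the two rulesets below are constructed sample data.

# Print Docker-related chain declarations and rules found in saved ruleset $1
# (iptables-save format) that are absent from live ruleset $2.
missing_docker_rules() {
    grep -E '^(:DOCKER|-A DOCKER|-A [A-Z]+ .*-j DOCKER)' "$1" |
    while IFS= read -r line; do
        case $line in
            # Chain declarations carry packet counters, so compare the name only.
            :*) grep -q "^${line%% *} " "$2" || printf '%s\n' "$line" ;;
            # Rules must match a live line exactly.
            *)  grep -qxF -e "$line" "$2" || printf '%s\n' "$line" ;;
        esac
    done
}

# Succeed only if the DROP rule for external interface $2 exists in ruleset $1.
docker_user_drop_present() {
    grep -qxF -e "-A DOCKER-USER -i $2 -j DROP" "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed saved ruleset, in the shape of /etc/iptables/rules.v4.
cat > "$tmp/saved" <<'EOF'
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER-USER -i eth0 -j DROP
-A DOCKER-USER -j RETURN
COMMIT
EOF

# Constructed live state after "csf -r": DOCKER-USER and its jump are gone.
cat > "$tmp/live" <<'EOF'
*filter
:FORWARD DROP [0:0]
:DOCKER - [12:840]
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF

missing_docker_rules "$tmp/saved" "$tmp/live"
docker_user_drop_present "$tmp/live" eth0 || echo "DROP rule missing: reload saved rules"
```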