https://github.com/ipunkt/docker-firewall-port
Firewall a single port using iptables from inside docker
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/ipunkt/docker-firewall-port
- Owner: ipunkt
- License: mit
- Created: 2018-06-21T09:52:31.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-06-21T11:05:37.000Z (about 8 years ago)
- Last Synced: 2025-02-07T05:27:48.523Z (over 1 year ago)
- Language: Shell
- Size: 2.93 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# docker-firewall-port
Use iptables to firewall off a single port on the host
## Use
Create a Rancher service with
- `Always run one instance on every host`
- add the capability `NET_ADMIN`
- Networking->Network `Host`
- Environment `ALLOWED_ADDRESSES=1.2.3.4,2.3.4.5`
## Parameters
Parameters are given as environment variables. The following parameters are available:
- PORT, default `111`
- PROTOCOL, default `UDP`. Use `ANY` to not filter by protocol
- ALLOWED_ADDRESSES, REQUIRED. Allowed IP addresses separated by `,`, `;` or ` `
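
The parameters above map onto iptables rules roughly as follows. This is an added example, not the project's own script: the function name `build_rules`, the use of the `INPUT` chain and the expansion of `ANY` to tcp and udp are assumptions, and the commands are only printed, not applied.

```sh
#!/bin/sh
# Added example, not the project's script: prints the iptables commands for
# PORT / PROTOCOL / ALLOWED_ADDRESSES instead of running them (dry run).
build_rules() {
    port="${PORT:-111}"
    proto=$(printf '%s' "${PROTOCOL:-UDP}" | tr '[:upper:]' '[:lower:]')
    # ALLOWED_ADDRESSES is required: never emit a DROP rule with no allow list.
    if [ -z "${ALLOWED_ADDRESSES:-}" ]; then
        echo "ALLOWED_ADDRESSES is required" >&2; return 1
    fi
    case "$port" in
        ''|*[!0-9]*) echo "invalid PORT: $port" >&2; return 1 ;;
    esac
    # --dport needs a protocol match, so ANY is expanded to tcp and udp
    # (assumption about what "not filter by protocol" should mean).
    case "$proto" in
        any) protos="tcp udp" ;;
        tcp|udp) protos="$proto" ;;
        *) echo "invalid PROTOCOL: $proto" >&2; return 1 ;;
    esac
    # Allow only digits, '.', '/' (IPv4 or CIDR) and the three separators.
    # Rejecting everything else before any rule is printed keeps shell
    # metacharacters and glob characters out of the generated commands.
    bad=$(printf '%s' "$ALLOWED_ADDRESSES" | tr -d '0-9./,; ')
    if [ -n "$bad" ]; then
        echo "invalid characters in ALLOWED_ADDRESSES" >&2; return 1
    fi
    # Split on ',', ';' or space, the separators the README lists.
    set -- $(printf '%s' "$ALLOWED_ADDRESSES" | tr ',;' '  ')
    if [ "$#" -eq 0 ]; then
        echo "ALLOWED_ADDRESSES contains no address" >&2; return 1
    fi
    for p in $protos; do
        for a in "$@"; do
            echo "iptables -A INPUT -p $p --dport $port -s $a -j ACCEPT"
        done
        # Anything else reaching the port is dropped.
        echo "iptables -A INPUT -p $p --dport $port -j DROP"
    done
}

# Constructed run using the sample addresses from the README.
( PORT=111; PROTOCOL=UDP; ALLOWED_ADDRESSES="1.2.3.4,2.3.4.5"; build_rules )
```

Because `-A` appends, applying the printed commands on every container start would duplicate the rules; flushing a dedicated chain first avoids that.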
## Use-case
This image was created with the intent to automatically firewall off port 111 on
Rancher droplets, accepting traffic only from the NFS server that serves permanent
storage. Leaving the port open to the world would allow others to use our machine
for reflection DDoS attacks.