Disable docker exposed ports in firewall
It should be possible to block, within the firewall, the exposing of ports from Docker containers to global networks.
It's a massive security gap! Most applications are run behind a 'docker proxy rule', so there's no need to expose the port to the whole internet.
Docker's modifying the firewall by itself, so this has to be disabled.
Thank you for your idea! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
captainhook commented
Docker containers should not by default be exposed to the internet.
I posted about this in the forums and included a solution that works for me: https://talk.plesk.com/threads/securing-docker-ports-to-local-access-only-with-firewalld.368775/
-
Anonymous commented
For example, I run a docker with image 'portainer/portainer'.
I mapped the (container internal) port 9000 to host port 49153.
Right now, I am able to access the portainer container with ip:49153 in the web, even if I set up a docker proxy rule to access it with a subdomain.
Blocking this port from external IPs through the firewall is not working.
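
An audit check for the situation described in the comment above, as an added example that is not part of the original thread or of Plesk: it reads the Ports column of `docker ps` and lists every published port whose host bind address is not loopback. The sample input is constructed and the container names are hypothetical; only the 9000 to 49153 mapping is taken from the comment.

```python
import ipaddress
import re

# One entry of the Ports column of `docker ps`, for example
# "0.0.0.0:49153->9000/tcp", ":::49153->9000/tcp" or "[::]:49153->9000/tcp".
PUBLISHED = re.compile(
    r"^(?P<host>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)

def parse_ports(ports_column):
    """Return (host_ip, host_port, container_port, proto) per published port."""
    published = []
    for entry in (e.strip() for e in ports_column.split(",")):
        m = PUBLISHED.match(entry)
        if m is None:
            continue  # "8000/tcp" is exposed by the image but not published
        host = m["host"].strip("[]")  # newer Docker prints IPv6 as "[::]"
        published.append((host, m["hport"], m["cport"], m["proto"]))
    return published

def reachable_off_host(docker_ps_output):
    """List published ports whose host bind address is not loopback."""
    findings = []
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for host, hport, cport, proto in parse_ports(ports):
            if not ipaddress.ip_address(host).is_loopback:
                findings.append((name, host, hport, cport, proto))
    return findings

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# Container names are hypothetical; the 9000 -> 49153 mapping is the one above.
SAMPLE = (
    "portainer\t0.0.0.0:49153->9000/tcp, :::49153->9000/tcp, 8000/tcp\n"
    "internal-db\t127.0.0.1:5432->5432/tcp\n"
    "worker\t\n"
)

if __name__ == "__main__":
    for name, host, hport, cport, proto in reachable_off_host(SAMPLE):
        print(f"{name}: {host}:{hport}/{proto} -> container port {cport}")
```

A container published with a loopback bind, such as `-p 127.0.0.1:49153:9000`, does not appear in the findings because the port is then reachable only from the host itself.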