Disable docker exposed ports in firewall
It should be possible to block, within the firewall, the ports that Docker containers expose to global networks.
It's a massive security lack! Most applications are run behind a 'docker proxy rule', so there's no need to expose the port to the whole internet.
Docker's modifying the firewall by itself, so this has to be disabled.
Thank you for your idea! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
captainhook commented
Docker containers should not by default be exposed to the internet.
I posted about this in the forums and included a solution that works for me: https://talk.plesk.com/threads/securing-docker-ports-to-local-access-only-with-firewalld.368775/
-
Anonymous commented
For example, I run a docker with image 'portainer/portainer'.
I mapped the (container internal) port 9000 to host port 49153.
Right now, I am able to access the portainer container with ip:49153 in the web, even if I set up a docker proxy rule to access it with a subdomain.
Blocking this port from external ips through the firewall is not working.
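
An added example (not part of the thread, and not Plesk or Docker code): a Python check that parses `docker ps` port listings and flags ports published on all interfaces, such as the 49153->9000 Portainer mapping in the comment above. The sample output is constructed, and `find_public_bindings` and `loopback_publish_arg` are hypothetical helper names.

```python
import re

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_DOCKER_PS = """\
portainer\t0.0.0.0:49153->9000/tcp, :::49153->9000/tcp
webapp\t127.0.0.1:8080->80/tcp
cache\t6379/tcp
dns\t0.0.0.0:5353->53/udp, [::]:5353->53/udp
"""

# A published mapping looks like <host_ip>:<host_port>-><container_port>/<proto>.
# Entries without "->" (e.g. "6379/tcp") are exposed but not published.
MAPPING = re.compile(
    r"^(?P<ip>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
WILDCARD = {"0.0.0.0", "::"}  # bound on every interface, IPv4 or IPv6


def find_public_bindings(docker_ps_text):
    """Return (name, host_ip, host_port, container_port, proto) for each
    port that is published on all interfaces."""
    findings = []
    for line in docker_ps_text.splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            m = MAPPING.match(entry.strip())
            if not m:
                continue
            ip = m.group("ip").strip("[]")  # newer Docker prints [::]
            if ip in WILDCARD:
                findings.append(
                    (name, ip, m.group("hport"), m.group("cport"), m.group("proto"))
                )
    return findings


def loopback_publish_arg(host_port, container_port, proto):
    """Value for `docker run -p` that keeps the port reachable only from
    the host itself, e.g. for a reverse proxy running on the same host."""
    return f"127.0.0.1:{host_port}:{container_port}/{proto}"


if __name__ == "__main__":
    for name, ip, hport, cport, proto in find_public_bindings(SAMPLE_DOCKER_PS):
        print(f"{name}: {ip}:{hport} -> {cport}/{proto} is published on all "
              f"interfaces; consider -p {loopback_publish_arg(hport, cport, proto)}")
```
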