Allow docker container to connect to certain IP addresses only

The goal is to create a docker container that can connect only to certain IP addresses (both on the local network that the host belongs to, and on the Internet).

The container itself does not need to be directly accessible or expose any ports.

Example:

  1. Docker host machine 192.168.1.100
  2. Some device on 192.168.1.150 e.g. an IP camera
  3. Some cloud VPS on <static_ip>

— need to create a container that can ssh to <static_ip> and connect to the device 192.168.1.150 but cannot connect to anything else whatsoever (specifically no other containers on the host, nothing else on the 192.168.1.0 network, and perhaps even nothing else on the Internet apart from the VPS).

Note that the host runs other containers with various services on them, and those must not be interfered with.

After some research I found that I probably should create a custom bridge network like this:

docker network create --driver bridge \
-o "com.docker.network.bridge.enable_icc"="false" \
my-restricted-network

and then run the container on that network:

docker run --name my-restricted-container \
--network my-restricted-network \
-d image_name /entrypoint.sh

What do I need to do then? I guess add some iptables rules on the host which will control my-restricted-network only. How exactly?
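One way to do the host-side part, as an added example that is not from the question or from Docker's own tooling: Docker evaluates the `DOCKER-USER` chain before its own FORWARD rules and leaves it alone, so a jump from there into a dedicated allow-list chain confines everything on the restricted bridge. The script below assumes the network is named `my-restricted-network` as in the question, that Docker gave its bridge the default `br-<first 12 hex chars of the network id>` interface name, and that the host firewall is iptables; the chain name `RESTRICTED-EGRESS` and the script's own argument format `ip` or `ip/proto/port` are my choices, and `203.0.113.10` in the usage line is a constructed stand-in for `<static_ip>`.

```shell
#!/bin/sh
# Added example, not from the question. Generates (and with --apply runs) iptables rules that
# let containers on one Docker bridge reach only an explicit destination list.
# Assumed: Docker's DOCKER-USER chain exists (dockerd creates it), the bridge interface follows
# Docker's default br-<12 hex chars> naming, and the chain name below is ours to use.

NETWORK_NAME="my-restricted-network"
CHAIN="RESTRICTED-EGRESS"   # our own chain; assumed name, not one Docker creates

# Derive the bridge interface Docker created for the network (default naming scheme).
bridge_for_network() {
    printf 'br-%s\n' "$(docker network inspect -f '{{.Id}}' "$1" | cut -c1-12)"
}

# Print the iptables commands for one bridge interface. Each further argument is one allowed
# destination, either "ip" (any protocol/port) or "ip/proto/port", e.g. "192.168.1.150" or
# "203.0.113.10/tcp/22". Everything else leaving the bridge is dropped: other containers on other
# bridges, the rest of the LAN, and the Internet. Replies to allowed flows are not affected,
# because they enter FORWARD from the uplink interface, not from this bridge.
gen_egress_rules() {
    br="$1"; shift
    # Create the chain, or flush it if it already exists, so reruns are idempotent.
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    for spec in "$@"; do
        case $spec in
            */*/*)
                ip=${spec%%/*}; rest=${spec#*/}
                proto=${rest%%/*}; port=${rest#*/}
                printf 'iptables -A %s -d %s -p %s --dport %s -j ACCEPT\n' \
                    "$CHAIN" "$ip" "$proto" "$port" ;;
            *)
                printf 'iptables -A %s -d %s -j ACCEPT\n' "$CHAIN" "$spec" ;;
        esac
    done
    # Default deny for anything not listed above.
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    # Hook the chain into DOCKER-USER. -I is required: Docker keeps a RETURN rule at the end of
    # DOCKER-USER, so an appended rule would never be reached. Delete first to avoid duplicates.
    printf 'iptables -D DOCKER-USER -i %s -j %s 2>/dev/null\n' "$br" "$CHAIN"
    printf 'iptables -I DOCKER-USER -i %s -j %s\n' "$br" "$CHAIN"
    # Traffic to the host itself (192.168.1.100, including ports other containers publish there)
    # goes through INPUT rather than FORWARD, so DOCKER-USER never sees it; block it separately.
    printf 'iptables -D INPUT -i %s -j DROP 2>/dev/null\n' "$br"
    printf 'iptables -I INPUT -i %s -j DROP\n' "$br"
}

# Without arguments the script does nothing (safe to source). Use --print to review the rules,
# --apply to run them on the host. Example:
#   sh restrict-egress.sh --apply 192.168.1.150 203.0.113.10/tcp/22
case ${1:-} in
    --print) shift; gen_egress_rules "$(bridge_for_network "$NETWORK_NAME")" "$@" ;;
    --apply) shift; gen_egress_rules "$(bridge_for_network "$NETWORK_NAME")" "$@" | sh -e ;;
esac
```

Two caveats worth checking on the host: iptables rules are not persistent, so rerun the script after a reboot (and after recreating the network, since the `br-` name is derived from the network id); and the drop also covers DNS, so if the container must resolve names rather than use bare IPs as in the question, add the upstream resolver it uses as an allowed destination (for example `192.168.1.1/udp/53`). Verify from inside the container with something like `nc -zv 192.168.1.150 554` (should connect) and `nc -zv 192.168.1.1 80` (should time out), and with `iptables -L RESTRICTED-EGRESS -v -n` on the host to watch the counters.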