Following on from the previous post on Docker container security and firewalld: to use Docker containers together with firewalld normally, without modifying Docker's daemon.json, customize the firewalld rules as described in the following steps. Under the hood this modifies the iptables rules; once done, you can inspect the result with iptables -nL.
Question: How to add a rule using firewall-cmd to drop/reject a specific IP connecting to the server? This can be used as added security on the server.
firewall-cmd is the most common method of managing firewalld configurations (both running as well as permanent). This tool is a part of the firewalld package.
Ports exposed by Docker containers are not blocked by firewalld firewall policy!
I recently ran into a problem. I had started several containers with docker run, exposing ports such as 8080 and 9090. I had always assumed that since CentOS had firewalld running, and I had added rules allowing those ports only from the internal network, I could rest easy.
Then one day I checked netstat and found connections from foreign IP addresses. Only then did I realize that even with a firewall in place, the containers were not safe!