rootless-containers / slirp4netns

User-mode networking for unprivileged network namespaces
GNU General Public License v2.0
729 stars 82 forks

Blocking internet access for some of the containers #248

Open hopkinskong opened 3 years ago

hopkinskong commented 3 years ago

I would like to block some of the containers (not all of them) from accessing the internet, while allowing them to accept incoming connections. This is useful when creating secure rootless containers with applications (servers) that are designed to have internet connections disallowed (e.g. servers accepting untrusted users' input, running untrusted code, etc.). Is that possible? Or do I have to go with iptables (I don't know how to reliably get my containers' IPs, and they seem to change when rebuilding the containers)?

AkihiroSuda commented 3 years ago

Should be possible by running iptables inside the container's network namespace, but neither Docker nor Podman provides an interface for this.
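The approach described in the answer above, written out as an added example (this is not code from the slirp4netns project or from anyone in this thread): a POSIX shell script that enters the container's user and network namespaces with `nsenter` and installs an `OUTPUT` policy that drops new outbound connections while still accepting loopback traffic and replies to connections the container has received. Looking the container PID up with `podman inspect` is an assumption about how the container was started; the same `{{.State.Pid}}` template works with `docker inspect`.

```shell
#!/bin/sh
# Added example, not part of slirp4netns or the issue thread.
# Assumes a rootless Podman (or Docker) container whose init PID is known;
# the PID passed on the command line is a placeholder you supply.
set -eu

# Emit the iptables arguments that deny new outbound connections while
# letting the container answer connections it receives. Rules are applied
# inside the container's own network namespace, so they do not depend on
# the container's IP address and survive address changes on rebuild.
build_egress_rules() {
    cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Enter the user namespace (to hold CAP_NET_ADMIN as the unprivileged owner)
# and the network namespace of the given PID, then apply each rule.
apply_egress_block() {
    pid="$1"
    build_egress_rules | while read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into words is intended
        nsenter -U --preserve-credentials -n -t "$pid" iptables -w $rule
    done
}

# Sanity check on the rule set: default-drop policy plus the two exceptions.
# Returns 0 when all three are present, 1 otherwise.
check_rules_shape() {
    rules=$(build_egress_rules)
    printf '%s\n' "$rules" | grep -q '^-P OUTPUT DROP$' || return 1
    printf '%s\n' "$rules" | grep -q -- '-o lo -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q 'ESTABLISHED,RELATED' || return 1
    return 0
}

# Usage: ./egress_block.sh "$(podman inspect -f '{{.State.Pid}}' mycontainer)"
if [ "${1:-}" != "" ]; then
    check_rules_shape
    apply_egress_block "$1"
fi
```

The rules live in the container's network namespace, so they disappear when the container is recreated and have to be reapplied after each start (a `podman run` wrapper or a systemd `ExecStartPost=` is a natural place). The host kernel must already have the netfilter modules loaded, since an unprivileged user cannot load them from inside the user namespace. Incoming connections forwarded by slirp4netns still work because their reply packets match `ESTABLISHED,RELATED`; outbound DNS is blocked along with everything else, which is the intended behaviour for a server that must not reach the internet.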