
I have a DC/OS (Mesos) slave which runs a few Docker containers with random ports exposed. The server has two interfaces, eth0 and eth1. I want to block all incoming traffic through eth0 to the Docker containers using iptables. The exposed ports must be accessible from interface eth1. I cannot block specific ports, since the Docker containers are launched by DC/OS (Mesos) on random ports.

I have tried iptables -I DOCKER-USER -i eth0. It blocked access on the eth0 interface to the exposed ports of the Docker container, but I lost internet access inside the container and can't ping the external network.

Is there any way to block incoming access to Docker exposed ports through the eth0 interface?

Sachin PK
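An added example, not part of the original post: a rule matching only on `-i eth0` in DOCKER-USER also catches reply packets for connections the containers opened themselves, because those replies arrive on eth0 and pass through FORWARD. The sketch below lets conntrack-established traffic through before dropping everything else from that interface. It assumes bridge-mode containers with published ports (traffic that traverses DOCKER-USER); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: not from the original post. The interface name eth0 is taken
# from the question; the function names are hypothetical.

# Print the DOCKER-USER rule specs, one per line, in the order they must
# appear in the chain for the given external interface.
docker_user_rules() {
    ext_if="$1"
    # 1. Replies to connections opened from inside a container also arrive
    #    on the external interface. RETURN hands them back to FORWARD so
    #    Docker's own rules still apply and outbound access keeps working.
    printf '%s\n' "-i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # 2. Anything else entering on that interface is a new inbound
    #    connection to a published port: drop it, whatever the port is.
    printf '%s\n' "-i $ext_if -j DROP"
}

# Insert the rules at the top of DOCKER-USER, keeping their order.
# Needs root and a Docker version that creates the DOCKER-USER chain.
apply_docker_user_rules() {
    pos=1
    docker_user_rules "$1" | while IFS= read -r rule; do
        # Word splitting of $rule into iptables arguments is intended here.
        # shellcheck disable=SC2086
        iptables -w -I DOCKER-USER "$pos" $rule || return 1
        pos=$((pos + 1))
    done
}

# Usage (as root): apply_docker_user_rules eth0
# Traffic entering on eth1 matches neither rule and falls through to the
# chain's default RETURN, so published ports stay reachable there.
```

Containers running with host networking are not covered: their traffic is delivered through the INPUT chain and never reaches DOCKER-USER.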

0 Answers