
I'm trying to restrict my Docker-exposed ports to a single outside IP.

docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: br-27117bc1fd93 br-2905af95cf3a br-53c93737f17d br-69f2fcdc6f01 br-b4b3347f7b9c br-b932d5e56d55 br-dbc9429c2b1f docker0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

work (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: XX.XXX.XXX.XXX
  services: cockpit dhcpv6-client http https portainerweb ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Currently the work zone is behaving as I want (traffic is allowed to the listed services only from the source IP), and I want the docker zone to behave the same way.

The problem is that I can't add the same source IP to the docker zone.

Is there an obvious way I've missed, or do I need to start adding rich rules in order to get the desired behavior?
