
I'm building an architecture with Docker. As everything is virtual, I cannot see how to apply general concepts like DMZ, firewalling and other network isolation methods.

When two containers share a "private" virtual network, does it really prevent any other container from connecting to this network?

Is there a solution to see and filter what happens in the Docker virtual network automatically built between two containers?

Plup
  • https://docs.docker.com/engine/userguide/networking/dockernetworks/ – EEAA Jun 18 '16 at 18:58
  • "To build web applications that act in concert but do so securely, use the Docker networks feature. Networks, by definition, provide complete isolation for containers." I know that. That's why I'm using networks and not links between containers. But I would like to know if somebody really looked into the isolation process and if it provides the same level of security as Netfilter (for example). – Plup Jun 18 '16 at 19:02
  • This comes down to your local iptables configuration and the security of the userspace docker-proxy command. If you don't trust the physical network, then you also need to be more careful of any security vulnerabilities of each docker host since each of them is a potential access to that docker network, and any container running on the host. – BMitch Jun 18 '16 at 19:53
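One way to check the first part of the question, which containers actually share a network and which networks have no outside route, is to audit the output of `docker network inspect`. The script below is an added example, not code from the post or from Docker; the sample inspect data is constructed, and the live run at the bottom assumes the `docker` CLI is on the host.

```python
"""Report which containers share a Docker network (and so can talk directly).

Two containers on separate user-defined bridge networks are kept apart by the
iptables isolation rules Docker installs between its bridges; a pair that
shares no network therefore has no direct path. Networks created with
--internal additionally have no route to the outside, which is flagged too.
"""
import json
import subprocess
from itertools import combinations

# Constructed sample of `docker network inspect` output, trimmed to the keys used.
SAMPLE_INSPECT = json.dumps([
    {"Name": "frontend", "Driver": "bridge", "Internal": False,
     "Containers": {"c1": {"Name": "web"}, "c2": {"Name": "api"}}},
    {"Name": "backend", "Driver": "bridge", "Internal": True,
     "Containers": {"c2": {"Name": "api"}, "c3": {"Name": "db"}}},
    {"Name": "bridge", "Driver": "bridge", "Internal": False,
     "Containers": {"c4": {"Name": "legacy"}}},
])


def shared_networks(inspect_json: str) -> dict:
    """Map each unordered container pair to the sorted networks both are attached to."""
    membership = {}  # container name -> set of network names
    for net in json.loads(inspect_json):
        for c in net.get("Containers", {}).values():
            membership.setdefault(c["Name"], set()).add(net["Name"])
    report = {}
    for a, b in combinations(sorted(membership), 2):
        common = membership[a] & membership[b]
        if common:  # only pairs with a direct path are listed
            report[(a, b)] = sorted(common)
    return report


def internal_networks(inspect_json: str) -> list:
    """Names of networks created with --internal (no external connectivity)."""
    return sorted(n["Name"] for n in json.loads(inspect_json) if n.get("Internal"))


if __name__ == "__main__":
    # Live run: inspect every network on this host (requires the docker CLI).
    ids = subprocess.check_output(["docker", "network", "ls", "-q"], text=True).split()
    data = subprocess.check_output(["docker", "network", "inspect", *ids], text=True)
    for (a, b), nets in shared_networks(data).items():
        print(f"{a} <-> {b} via {', '.join(nets)}")
    print("internal networks:", internal_networks(data))
```

Containers that appear in no shared pair can still reach each other through published ports on the host, so the report describes Docker-level network adjacency, not every possible path.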

0 Answers