In a simple docker-compose structure like this

```yaml
version: "2"
services:
  app:
    image: myapp
  db:
    image: mydb
```

a bridge network is automatically created, which allows:

  1. app and db to see each other
  2. app and db to see the host's network
  3. app and db to reach the internet

How can I disallow point 2 while keeping the other two?

Does explicitly creating a bridge network make any difference?

cornuz
  • the `FORWARD` chain of iptables on the host is probably the place to place a `-A FORWARD -s appIP -d HOSTNetwork/mask -j DROP` line... – Daniel Widrick Dec 20 '17 at 17:34
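
An added example, not part of the original post or comment: a dry-run script that turns the comment's `FORWARD`-chain idea into concrete rules. It assumes Docker's `DOCKER-USER` chain (which Docker jumps to from `FORWARD`); the helper names `lan_cidrs` and `emit_rules` are hypothetical and all addresses and interface names are constructed sample values.

```shell
#!/usr/bin/env bash
# Dry run: prints iptables commands, changes nothing on the host.

# lan_cidrs: read `ip -4 route show scope link` output on stdin and print the
# directly connected subnets, skipping Docker bridges and veth interfaces.
lan_cidrs() {
    while read -r cidr kw dev rest; do
        case "$dev" in
            docker0|br-*|veth*) continue ;;
        esac
        case "$cidr" in
            */*) printf '%s\n' "$cidr" ;;   # host routes without a mask are ignored
        esac
    done
}

# emit_rules BRIDGE_SUBNET: read LAN CIDRs on stdin, print one DROP rule each.
# Only NEW connections are dropped, so replies to LAN clients that connected
# to a published port still flow; app <-> db traffic and internet-bound
# traffic do not match the -d selector at all.
emit_rules() {
    bridge=$1
    while read -r lan; do
        [ -n "$lan" ] || continue
        [ "$lan" = "$bridge" ] && continue   # never target the bridge itself
        printf 'iptables -I DOCKER-USER -s %s -d %s -m conntrack --ctstate NEW -j DROP\n' \
            "$bridge" "$lan"
    done
}

# Constructed sample of `ip -4 route show scope link` output.
SAMPLE_ROUTES='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-3f2a9c1d7e4b proto kernel scope link src 172.18.0.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1'

# Constructed bridge subnet; on a real host it can be read with:
#   docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' <project>_default
BRIDGE=172.18.0.0/16

printf '%s\n' "$SAMPLE_ROUTES" | lan_cidrs | emit_rules "$BRIDGE"
```

Traffic addressed to the host's own IP addresses is handled by the `INPUT` chain rather than `FORWARD`, so these rules do not cover it. Declaring the bridge network explicitly with a fixed subnet in the compose file keeps the `-s` value stable across re-creations of the project.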