
firewalld docker zone not working to reject request  #2651

@xflu


Hi,
I run an nginx container with docker-compose. I can visit it at http://192.168.222.230/.

Then I add a reject rule to the docker zone.

firewall-cmd --zone=docker --permanent --add-rich-rule='rule family="ipv4" source address="192.168.222.1" port protocol="tcp" port="80" reject'
firewall-cmd --complete-reload

However, I can still visit http://192.168.222.230/ from 192.168.222.1.

Can someone tell me what the problem is? How can I make it work?

OS: CentOS Linux release 7.6.1810 (Core)
firewall-cmd version: 0.5.3
Docker version 20.10.12, build e91ed57

docker-compose.yml

version: "3.9"
services:
  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - "80:80"

firewall-cmd --get-active-zones

docker
  interfaces: docker0 br-c6d4a486127d br-6e7f995ee7b1
mock_docker
  interfaces: ens33

firewall-cmd --zone=docker --list-all

docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: docker0 br-c6d4a486127d br-6e7f995ee7b1
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="192.168.222.1" port port="80" protocol="tcp" reject
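A firewalld zone's rules are applied to a packet according to the zone the packet is assigned to, and with no `sources:` configured on a zone that assignment is made from the ingress interface. The `--get-active-zones` output above shows that a request from 192.168.222.1 arrives on ens33, which is bound to zone mock_docker, while the reject rich rule was placed in zone docker, which is bound only to docker0 and the br-* bridges. The following shell script is an added diagnostic example, not part of the issue or of firewalld: it parses `--get-active-zones` output (the sample embedded here is copied from the issue) to report which zone an ingress interface belongs to and whether a rule placed in a given zone can see traffic entering on that interface. The function names and the sample variable are my own; on a live host the same answer comes directly from `firewall-cmd --get-zone-of-interface=ens33`.

```shell
#!/bin/sh
# Sample output of `firewall-cmd --get-active-zones`, copied from the issue above.
# On a live host replace it with "$(firewall-cmd --get-active-zones)".
SAMPLE_ACTIVE_ZONES='docker
  interfaces: docker0 br-c6d4a486127d br-6e7f995ee7b1
mock_docker
  interfaces: ens33'

# zone_of_interface IFACE TEXT
# Prints the zone that IFACE is bound to in TEXT (--get-active-zones format),
# or nothing if the interface is not bound to any active zone.
zone_of_interface() {
  printf '%s\n' "$2" | awk -v want="$1" '
    $1 == "interfaces:" {                 # interface list of the zone named above
      for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
      next
    }
    $1 ~ /:$/ { next }                    # other attribute lines such as "sources:"
    NF > 0    { zone = $1 }               # an unindented line names the next zone
  '
}

# rule_applies_on_ingress RULE_ZONE IFACE TEXT
# Succeeds only if a rule placed in RULE_ZONE is evaluated for packets that
# enter on IFACE, i.e. if IFACE is bound to RULE_ZONE (no zone sources assumed).
rule_applies_on_ingress() {
  [ "$(zone_of_interface "$2" "$3")" = "$1" ]
}

# Worked check for the issue: the reject rule lives in zone docker, the
# request from 192.168.222.1 enters on ens33.
zone_of_interface ens33 "$SAMPLE_ACTIVE_ZONES"     # prints: mock_docker
if rule_applies_on_ingress docker ens33 "$SAMPLE_ACTIVE_ZONES"; then
  echo "rule in zone docker is evaluated for traffic entering on ens33"
else
  echo "rule in zone docker is NOT evaluated for traffic entering on ens33"
fi
```

Two caveats worth checking on a live host after moving the rule to the zone that actually owns the ingress interface: Docker's own published-port traffic is DNAT'ed in the nat table and forwarded to the container, and Docker documents the DOCKER-USER chain (`iptables -S DOCKER-USER`) as the place for rules that must be honoured for that forwarded traffic; and `--complete-reload` flushes the iptables rules Docker inserted, so the Docker rule set should be inspected again (or the Docker daemon restarted) after that command.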
