79593736

Date: 2025-04-26 08:48:02
Score: 2

I finally ended up with the following solution. That's maybe not perfect but I guess I'm missing some knowledge about firewall rules and Docker routing to do something better. Any suggestion would be more than welcome :)

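```bash
# Start from an empty DOCKER-USER chain
sudo iptables -F DOCKER-USER
# Hand packets of already-tracked connections back to Docker's own rules
sudo iptables -A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
# Accept new TCP connections arriving on ens3 for ports 80 and 443
sudo iptables -A DOCKER-USER -i ens3 -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Reject every other new TCP connection arriving on ens3
sudo iptables -A DOCKER-USER -i ens3 -p tcp -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
# Reject new UDP flows arriving on ens3
sudo iptables -A DOCKER-USER -i ens3 -p udp -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
# Everything else continues to Docker's own rules
sudo iptables -A DOCKER-USER -j RETURN
```
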
Reasons:
  • RegEx Blacklisted phrase (2): Any suggestion
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: Thomas Ramé
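
An added example, not part of the original answer: a small first-match simulator that replays constructed packets against the rules as posted, to show which traffic each rule catches. The packet dictionaries and the `docker0` interface name are assumptions. The `dport` field is the port after Docker's DNAT, because DOCKER-USER sees packets after destination NAT has been applied.

```python
import shlex

# The answer's rules, copied verbatim (the flush command is omitted).
RULES = """\
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-USER -i ens3 -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A DOCKER-USER -i ens3 -p tcp -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
-A DOCKER-USER -i ens3 -p udp -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN
"""

def parse(line):
    """Extract the match criteria and the target from one rule line."""
    rule, tok = {}, shlex.split(line)
    for flag, val in zip(tok, tok[1:]):
        if flag in ("-i", "-p", "-j"):
            rule[flag] = val
        elif flag == "--ctstate":
            rule["state"] = set(val.split(","))
        elif flag == "--dports":
            rule["dports"] = {int(p) for p in val.split(",")}
    return rule

def verdict(pkt):
    """Return the target of the first rule that matches pkt.

    RETURN means the packet leaves DOCKER-USER and is then judged by
    Docker's own FORWARD rules; ACCEPT and REJECT are final.
    """
    for r in map(parse, RULES.splitlines()):
        if "-i" in r and r["-i"] != pkt["iface"]:
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "state" in r and pkt["state"] not in r["state"]:
            continue
        if "dports" in r and pkt.get("dport") not in r["dports"]:
            continue
        return r["-j"]
    return "RETURN"

# Constructed sample packets (dport = container port after DNAT).
HTTPS = {"iface": "ens3", "proto": "tcp", "state": "NEW", "dport": 443}
# Host port 8080 published to container port 80 still matches --dports 80.
REMAPPED = {"iface": "ens3", "proto": "tcp", "state": "NEW", "dport": 80}
DATABASE = {"iface": "ens3", "proto": "tcp", "state": "NEW", "dport": 5432}
DNS_UDP = {"iface": "ens3", "proto": "udp", "state": "NEW", "dport": 53}
REPLY = {"iface": "ens3", "proto": "tcp", "state": "ESTABLISHED", "dport": 5432}
INTERNAL = {"iface": "docker0", "proto": "tcp", "state": "NEW", "dport": 5432}
PING = {"iface": "ens3", "proto": "icmp", "state": "NEW"}
```

Two results are worth noting: a container published as `8080:80` is reachable because the match is on the container port, and protocols other than TCP and UDP arriving on ens3 fall through to the final RETURN.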