dotcloud docker

Firewall for the container in docker


How to know the network interface of the container after running docker?

Requesting simple examples of setting firewall for the container in docker.


Solution

  • Ok, I asked that question on IRC. If you need to deny/allow access to something from all containers, you can use the lxcbr0 interface.

    The IP addresses of the containers change dynamically after the containers are started. Iptables rules should be run dynamically after each container is started. That would be possible after the issue https://github.com/dotcloud/docker/issues/252 is resolved; inside the hook you can run the inspect command to find out the IP address, for example:

    $ sudo ./docker inspect 7c0154dbf88c2498dda9d42e58b6d6f0896368fa986cb2559f08a424cf1107ac
    2013/03/29 12:34:02 docker inspect 7c0154dbf88c2498dda9d42e58b6d6f0896368fa986cb2559f08a424cf1107ac
    {
         //...
        "NetworkSettings": {
           "IpAddress": "10.0.3.2",
           "IpPrefixLen": 24,
           "Gateway": "10.0.3.1",
           "PortMapping": {}
        },
        //...
    }
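
What a per-container hook like the one described in the answer could do with that output, as an added example that is not part of the original answer or of docker itself: it extracts the address, validates it before it gets anywhere near an iptables command line, and prints the rules instead of applying them. The inspect layout and the lxcbr0 bridge are taken from the answer; the function names, the port 443 policy and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): dry-run generator for per-container rules.
BRIDGE=lxcbr0   # bridge named in the answer

# Read `docker inspect` output on stdin and print the first IpAddress value.
# Text match, because the output shown above is elided and not valid JSON.
container_ip() {
    sed -n 's/.*"IpAddress"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed only for a dotted-quad IPv4 address, so nothing else reaches iptables.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not run) rules for one container: allow replies to established
# connections and one outbound TCP port, drop the rest of its bridge traffic.
container_rules() {
    c_ip=$1; c_port=$2
    valid_ipv4 "$c_ip" || { echo "refusing address: $c_ip" >&2; return 1; }
    case $c_port in ''|*[!0-9]*) echo "bad port: $c_port" >&2; return 1 ;; esac
    echo "iptables -A FORWARD -i $BRIDGE -s $c_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $BRIDGE -s $c_ip -p tcp --dport $c_port -j ACCEPT"
    echo "iptables -A FORWARD -i $BRIDGE -s $c_ip -j DROP"
}

# Constructed sample in the shape of the inspect output above (elisions kept).
SAMPLE='{
    //...
    "NetworkSettings": {
        "IpAddress": "10.0.3.2",
        "IpPrefixLen": 24,
        "Gateway": "10.0.3.1",
        "PortMapping": {}
    },
    //...
}'

# Hypothetical policy: this container may only open outbound TCP 443.
container_rules "$(printf '%s\n' "$SAMPLE" | container_ip)" 443
```

These rules only cover traffic forwarded off the bridge; packets addressed to the host itself traverse INPUT rather than FORWARD. Because the address changes on each start, the matching rules have to be deleted when the container stops, otherwise they end up applying to whichever container receives that address next.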