1

If this is possible, how can it be done?

I want the changes to modify only rules within a container, not affect any other containers, and not affect the host.

imagineerThat
  • Do you have IPtables *running* inside the container? In most cases, a container is just a single process, and you should see them as if they're a single binary, so there would be no iptables inside the container, unless you installed it there (and have a process manager, to run multiple processes inside the container). In a default setup, IPtables is running outside the container, and basic rules are managed through docker, i.e. only ports that you "publish" (`-p`) are accessible. – thaJeztah Apr 01 '16 at 07:00
  • Don't have iptables, so you're right about that. Guess I was looking for another way to block a published port on an existing running container. – imagineerThat Apr 01 '16 at 07:53
  • Mostly you should consider a container "immutable", i.e. opening or closing a port should warrant starting a new container to replace the existing one. With a bit of planning (keeping persistent data outside of the container, and store it in a volume), that should be easy to do, but of course, depends on your situation – thaJeztah Apr 01 '16 at 16:40

1 Answer

0

Yes. A Docker container is a running instance of an image. Any changes in one container do not affect any other container. Here is one nice answer on docker image vs docker container.

cantSleepNow
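The thread leaves open how to restrict a port on a container that is already running, without touching the host or other containers. One way, shown here as an added example that is not part of the original question, comments or answer: enter only that container's network namespace from the host with `nsenter` and apply the rule there. It assumes root on the Docker host with `nsenter` and `iptables` installed on the host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): scope a DROP rule to one container's network
# namespace. Run as root on the Docker host; assumes nsenter and iptables there.

# Read one field of `docker inspect` for a container.
inspect() { docker inspect --format "$2" "$1"; }

# Accept only a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the PID whose network namespace belongs to container $1 alone.
netns_pid() {
    mode=$(inspect "$1" '{{.HostConfig.NetworkMode}}') || return 1
    case "$mode" in
        # These modes share a namespace, so a rule would leak to the host
        # or to another container.
        host|container:*) echo "refusing: $1 uses network mode $mode" >&2; return 1 ;;
    esac
    pid=$(inspect "$1" '{{.State.Pid}}') || return 1
    case "$pid" in
        ''|0|*[!0-9]*) echo "container not running: $1" >&2; return 1 ;;
    esac
    echo "$pid"
}

# Apply iptables action $1 (-I or -D) for container $2, container-side port $3.
# Docker DNATs a published host port to the container port before INPUT sees it,
# so match the container port, not the host port.
rule() {
    valid_port "$3" || { echo "invalid port: $3" >&2; return 2; }
    ns=$(netns_pid "$2") || return 1
    nsenter -t "$ns" -n iptables "$1" INPUT -p tcp --dport "$3" -j DROP
}

block_container_port()   { rule -I "$1" "$2"; }
unblock_container_port() { rule -D "$1" "$2"; }

# Usage: sh netns-rule.sh block web 8080
case "${1:-}" in
    block)   block_container_port "$2" "$3" ;;
    unblock) unblock_container_port "$2" "$3" ;;
esac
```

The rule lives in the container's namespace, so it disappears when the container is removed and does not need `iptables` or `NET_ADMIN` inside the image.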