Don't allow docker internet access

I assume by "local access" you mean you want containers to be able to talk to each other and the docker host, but not be able to get to the network outside the docker host ?

You have a couple of options.

1.

Use iptables to drop all packets to/from your external network interface in the DOCKER chain.

iptables -I DOCKER -i eno1 -j DROP

(eno1 might be different in your case; it's the name of the network interface on my docker host.)

2.

Turn off ip forwarding on the docker host.

echo 0 > /proc/sys/net/ipv4/ip_forward

Note: this will also restrict any virtual machines in the same way but is the general and safe approach for the more security conscious.

SOURCE:

See https://docs.docker.com/v1.5/articles/networking/#the-world "Communication between containers and the wider world" for more information.

Related videos on Youtube

07 : 44

Docker Tutorial Part 7: Expose Docker Containers to External Nework | Publish TCP Port to Host

NetworkEvolution

3740

02 : 29

Docker Container No Internet Issue | No Network Connectivity in the Docker Container

LinuXamination

323

02 : 42

Docker Desktop Access Denied You are not allowed to use Docker

Sharing is Caring

253

05 : 23

How to reach docker containers by name instead of IP address?

Bobby Iliev

12

10 : 18

Docker Container Direct LAN Access.

Roland Josef

6

14 : 17

Docker Container Internet Access

itcircle

3

Author by

techraf

This user really prefers to keep an air of mystery about them.

Updated on September 18, 2022