Is there a way to block any connection to a Docker container from outside its docker-compose network?

  docker, iptables

In my configuration, I have 4 servers that run with an instance of the same Docker image. I have been asked to link each of them with a Memcache server, but also to make sure that no one from outside is allowed to connect to the image, so that the data can be trusted.

Basically, the command telnet 172.18.0.1:11211 from outside the containers would return connection refused, while telnet memcached:11211 from inside one of the running containers linked to the Memcached image will start the connection.

EDIT: Forgot the docker-compose.yml file

It’s a simplified version, but the “normal” one just adds specific and useless data.

version: '2'

services:
  web:
    depends_on:
      - mysql
    ports:
      - 8080:80

  mysql:
    image: mysql:5.7
    ports:
      - 3306:3306

  memcached:
    image: memcached
    depends_on:
      - web

Is there a way to do that, or at least to approach this result?

Thank you in advance.

Source: StackOverflow
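
An added example (not part of the original question) of one compose layout that approaches this: memcached has no `ports:` mapping and sits on a network marked `internal: true`, which only `web` joins. The network name `cache` and the image name `example/web` are assumptions.

```yaml
version: '2'

services:
  web:
    image: example/web   # hypothetical image name; the question omits it
    depends_on:
      - mysql
      - memcached
    ports:
      - "8080:80"        # only the web front end is published on the host
    networks:
      - default          # regular bridge network, used for the published port
      - cache            # private link to memcached

  mysql:
    image: mysql:5.7
    ports:
      - "3306:3306"      # as in the question; still published on the host

  memcached:
    image: memcached
    # No "ports:" section: 11211 is never mapped to a host interface.
    networks:
      - cache            # resolvable as memcached:11211 by services on "cache"

networks:
  cache:
    internal: true       # this network gets no external connectivity
```

With this layout, `web` is the only service attached to `cache`, so it is the only one that can resolve and reach `memcached:11211`.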
