I am using docker chain documented here https://docs.docker.com/network/iptables/ to block incoming traffic from public interface except from one IP.
iptables -I DOCKER-USER -i eno1 ! -s X.X.X.X -j DROP
The side effect of this is that outgoing traffic from container to the rest of the world is also dropped. How to block incoming and allow outgoing using DOCKER-USER chain or something like that ?
Source: Docker Questions