If you don't want Docker to open a hole in your firewall, bind the published port to localhost:

- "3000:3000"
+ "127.0.0.1:3000:3000"

Docker uses iptables to handle container networking. It automatically inserts ACCEPT rules into the system's iptables rules, so when the host receives a packet on a published port, it is accepted immediately and forwarded to the container. Your firewall doesn't even know about this.

Binding to localhost or an internal IP is the easiest solution. For advanced cases, use `ufw-docker`.
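To find the mappings that need this change, the added example below (not part of the original post) classifies short-syntax `ports:` entries by the host address they bind to. The function names and sample entries are constructed for illustration, and it assumes Docker's default of publishing on all interfaces when no host IP is given.

```python
import ipaddress


def classify_port(spec):
    """Classify one short-syntax entry: [[IP:]HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    mapping = str(spec).strip().partition("/")[0]    # drop "/tcp" or "/udp"
    host_ip = None
    if mapping.startswith("["):                       # bracketed IPv6 host address
        host_ip, _, rest = mapping[1:].partition("]")
        parts = rest.removeprefix(":").split(":")
    else:
        parts = mapping.split(":")
        if len(parts) == 3:                           # IP:HOST_PORT:CONTAINER_PORT
            host_ip = parts.pop(0)
    if len(parts) not in (1, 2) or not parts[-1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    if not host_ip:
        return "all-interfaces"                       # no host IP: default bind address
    addr = ipaddress.ip_address(host_ip)
    if addr.is_loopback:
        return "loopback"                             # reachable from the host only
    if addr.is_unspecified:
        return "all-interfaces"                       # 0.0.0.0 or :: written explicitly
    return "single-address"                           # reachable via that one address


def exposed_mappings(ports):
    """Return the entries that Docker would publish on every interface."""
    return [p for p in ports if classify_port(p) == "all-interfaces"]


if __name__ == "__main__":
    # Constructed sample of a service's `ports:` list.
    sample = ["3000:3000", "127.0.0.1:3000:3000", "0.0.0.0:5432:5432",
              "[::1]:9000:9000", "10.0.0.5:8080:80/tcp", 6379]
    for entry in sample:
        print(f"{entry!s:24} {classify_port(entry)}")
    print("publish on all interfaces:", exposed_mappings(sample))
```

Entries reported as `single-address` are still reachable by anything that can route to that address, so check them against the network the address belongs to.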